Automate creating a postgres user for DB scanning

[aloftus23]

🗣 Description

Add "Create scan user" to syncdb so the vulnerability scanners can access our schema.

The user will only be created if it doesn't already exist and the name/password are protected in the AWS Systems Manager parameter store.

The user is limited to these permissions:

Database Access:

• The user can connect to the database.

Schema Access:

• The user can access the public schema but cannot modify it.

Table Access:

• The user can query (read) all existing tables in the public schema.
• The user will also automatically have read access to any new tables created in the public schema in the future.

💭 Motivation and context

Allow scanners to access the database schema.

Created the user locally with syncdb and tested all of the permissions with these commands:
SELECT schema_name FROM information_schema.schemata WHERE schema_name = 'public';
SELECT table_name FROM information_schema.tables WHERE table_schema = 'public';
SELECT * FROM "domain";

🧪 Testing

Passes pre-commit and github checks.

✅ Pre-approval checklist

• This PR has an informative and human-readable title.
• Changes are limited to a single goal - eschew scope creep!
• All future TODOs are captured in issues, which are referenced
  in code comments.
• All relevant type-of-change labels have been added.
• I have read the CONTRIBUTING document.
• These code changes follow cisagov code standards.
• All relevant repo and/or project documentation has been updated
  to reflect the changes in this PR.
• Tests have been added and/or modified to cover the changes in this PR.
• All new and existing tests pass.

✅ Pre-merge checklist

• Revert dependencies to default branches.
• Finalize version.

✅ Post-merge checklist

• Create a release.

[rapidray12]

pretty standard stuff. Where is the actual username and password stored?

[Matthew-Grayson]

Solid 😎

[cduhn17]

LGTM - a flexible approach since its environment specific.