Support new COOL environment structure

[dav3r]

🗣 Description

This PR makes updates in support of the switchover from our legacy account/environment scheme (where staging and production accounts exist within the same AWS organization) to our new scheme (where they do not).

Highlights include:

• Removal of any hard-coded references to staging or production resources
• Use of secrets stored within GitHub environments (courtesy of Support GitHub environment secrets in terraform-to-secrets development-guide#111)
• Use of build users specific to a COOL environment (courtesy of Make build user support a single build environment ami-build-iam-user-tf-module#62)
• Development AMIs are now created in the GitHub Actions "build" workflow (see changes in .github/workflows/build.yml), whereas previously they were only created for pre-releases (staging) and releases (production).
• Use of partial backend configurations for terraform-build-user and terraform-post-packer

💭 Motivation and context

The goal of this PR is to get us closer to our modernized account scheme where there is no more co-mingling of staging and production accounts. Doing that will result in cleaner code across all COOL-related repositories as well as improved separation of resources across all COOL environments.

🧪 Testing

The x86 and ARM AMIs were successfully created in the dev environment via the build workflow. I applied the updated terraform-post-packer and it ran, though it doesn't really do anything since we don't have any dynamic "env*" accounts created yet in the dev environment.

The x86 and ARM AMIs were successfully created in the staging-a environment via the prerelease workflow. I applied the updated terraform-post-packer and it ran successfully. Since I used a tfvars file that shared the AMIs with the legacy staging env* accounts, I confirmed via the AWS GUI that the new AMIs were indeed shared with those legacy staging accounts.

✅ Pre-approval checklist

• This PR has an informative and human-readable title.
• Changes are limited to a single goal - eschew scope creep!
• All relevant type-of-change labels have been added.
• I have read the CONTRIBUTING document.
• These code changes follow cisagov code standards.
• All relevant repo and/or project documentation has been updated
  to reflect the changes in this PR.
• All new and existing tests pass.

✅ Pre-merge checklist

• Revert dependencies to default branches (terraform-build-user/main.tf)
• Set final (release) version to 2.0.0+build.2 (at least, I think that is what we should do here - if you have a different opinion, please speak up in the PR discussion below).

✅ Post-merge checklist

• Create a release.