support Auth type "AWS_IAM" for lambda webhooks

I want notification policy to trigger lambda function that receives webhooks. For some use cases, we want a lambda function to trigger step functions that perform

- pre
- track run (start, approve, watch until done)
- post

I want to reuse the spacelift webhooks as opposed to building out a github integration b/c spacelift tracking webhooks are already getting fired off when we want and contain all of the information that our lambda function needs.

I have a POC for this today that does:

- named webhook that connects to our lambda function via a public url

- approval policy for a stack (so that it will get enqueued but not executed; the lambda function will do the approval to control when plan/apply happens) - this is a bit of a workaround because I can’t use an event that fires just when the commit is updated without triggering a stack, but that is a less important ticket for later :))

- tag stacks that should be managed by the step functions
- global notification policy that looks for our tagged stacks in QUEUED state to fire off the lambda function
- lambda function calls a step function that does pre stuff, then approves the stack, then watches until done, then calls post stuff


The current approach has the following issues:

- if I use a public lambda url I must set auth type to None (unclear if this is going to fly with security beyond POC)
- I may need to build out my own auth via api gateway via the shared secret (I’d prefer not to invent this pattern)
- Secrets used for auth are readable in spacelift


Ideally, I could integrate with lambda using a webhook that can authorize via Auth type AWS_IAM - this should be possible using either the role assigned to the worker or a stack - although I would prefer using the workers role
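Added illustration, not part of the original post and not Spacelift's or AWS's code: what "Auth type AWS_IAM" on a Lambda function URL asks of the webhook sender. Every request has to carry an AWS Signature Version 4 signature computed with the caller's IAM credentials (for the worker role, temporary credentials plus a session token), and the calling role needs `lambda:InvokeFunctionUrl` on the function. On the receiving side the handler checks the caller's principal instead of a shared secret. Stdlib only. The function URL, access key, secret, session token, account id, role and function names, the sample payload and the event shape read by `caller_role_name` are all constructed placeholders and assumptions.

```python
"""SigV4-signed call to a Lambda function URL with auth type AWS_IAM (added example).
All URLs, keys, ARNs and the payload below are constructed placeholders."""
import datetime as dt
import hashlib
import hmac
import json
import urllib.parse

ALGORITHM = "AWS4-HMAC-SHA256"


def _hmac_sha256(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def sigv4_headers(method, url, body, access_key, secret_key, region,
                  service="lambda", session_token=None, now=None):
    """Build host/x-amz-date/.../authorization headers for a SigV4-signed request.
    `now` is injectable so a signature can be reproduced in a test."""
    parsed = urllib.parse.urlsplit(url)
    canonical_uri = urllib.parse.quote(parsed.path or "/", safe="/~")
    # Canonical query string: parameters sorted by name, names and values URI-encoded
    # with only the unreserved characters left untouched.
    pairs = sorted(urllib.parse.parse_qsl(parsed.query, keep_blank_values=True))
    canonical_query = "&".join(
        f"{urllib.parse.quote(k, safe='-_.~')}={urllib.parse.quote(v, safe='-_.~')}"
        for k, v in pairs)
    now = now or dt.datetime.now(dt.timezone.utc)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date_stamp = now.strftime("%Y%m%d")
    payload_hash = hashlib.sha256(body).hexdigest()
    headers = {
        "host": parsed.netloc,
        "x-amz-date": amz_date,
        "x-amz-content-sha256": payload_hash,
        "content-type": "application/json",
    }
    if session_token:  # present whenever the credentials come from an assumed role
        headers["x-amz-security-token"] = session_token
    signed_headers = ";".join(sorted(headers))
    canonical_headers = "".join(f"{k}:{headers[k].strip()}\n" for k in sorted(headers))
    canonical_request = "\n".join([method.upper(), canonical_uri, canonical_query,
                                   canonical_headers, signed_headers, payload_hash])
    scope = f"{date_stamp}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([ALGORITHM, amz_date, scope,
                                hashlib.sha256(canonical_request.encode()).hexdigest()])
    # Signing key: HMAC chain over date, region, service and the fixed terminator.
    k_date = _hmac_sha256(("AWS4" + secret_key).encode("utf-8"), date_stamp)
    k_region = _hmac_sha256(k_date, region)
    k_service = _hmac_sha256(k_region, service)
    k_signing = _hmac_sha256(k_service, "aws4_request")
    signature = hmac.new(k_signing, string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    headers["authorization"] = (f"{ALGORITHM} Credential={access_key}/{scope}, "
                                f"SignedHeaders={signed_headers}, Signature={signature}")
    return headers


# Resource-based policy on the function that lets the worker role call the URL.
# Account id, role and function names are placeholders.
INVOKE_URL_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/spacelift-worker"},
        "Action": "lambda:InvokeFunctionUrl",
        "Resource": "arn:aws:lambda:us-east-1:123456789012:function:spacelift-webhook",
        "Condition": {"StringEquals": {"lambda:FunctionUrlAuthType": "AWS_IAM"}},
    }],
}


def caller_role_name(event):
    """Receiver side: with AWS_IAM auth the caller identity arrives in the event's
    requestContext (shape assumed from the function URL event format), so the handler
    can pin the role instead of comparing a shared secret. Returns None if the caller
    is not an assumed role."""
    iam = event.get("requestContext", {}).get("authorizer", {}).get("iam", {})
    arn = iam.get("userArn", "")
    if ":assumed-role/" not in arn:
        return None
    return arn.split(":assumed-role/", 1)[1].split("/", 1)[0]


FUNCTION_URL = "https://abc123.lambda-url.us-east-1.on.aws/"  # constructed placeholder
# Constructed sample payload; not the real webhook schema.
SAMPLE_EVENT = {"run": {"id": "01HEXAMPLE", "state": "QUEUED"},
                "stack": {"labels": ["managed-by-stepfn"]}}


def sign_sample_webhook(now=None, body=None):
    """Sign the constructed payload with placeholder assumed-role credentials."""
    body = body if body is not None else json.dumps(SAMPLE_EVENT, separators=(",", ":")).encode()
    fixed = now or dt.datetime(2024, 5, 1, 12, 0, 0, tzinfo=dt.timezone.utc)
    return sigv4_headers("POST", FUNCTION_URL, body, "AKIDEXAMPLE",
                         "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "us-east-1",
                         session_token="FwoGZXIvYXdzEXAMPLE", now=fixed)


if __name__ == "__main__":
    for k, v in sign_sample_webhook().items():
        print(f"{k}: {v}")
```

The signature covers the host, the timestamp, the payload hash and the session token, so a captured request cannot be replayed against a different URL or with a modified body, and the handler never sees a long-lived secret; expiry and signature verification are done by the Lambda service before the function runs.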




Status

🔭 Discovery

Board

💡 Feature Requests

Tags

Integrations

Date

About 1 year ago
