Grant the lambda execution role access to the MRAP bucket (#3123)

## Motivation and Context
Canary is failing because the lambda execution role can't access the
bucket.

## Description
- Grant the lambda role access to the bucket

## Testing
- ran policy engine in my account to verify access
- [x] ran canary in my account

---

_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._