Draft: lock down S3 bucket permissions and create a Cloudfront distribution
- only working with ansible 2.10+
- AWS recommends origin-access-control over origin-access-identity... but not supported in the ansible modules for this yet. wip branch for this https://gitlab.outlandish.com/ansible-roles/outlandish-s3-upload/-/tree/cloudfront-origin-access-control