@ocofaigh ocofaigh commented Oct 28, 2025

Description

Any key that is used for backup encryption also requires the "Authorization Delegator" role. This is also stated in the docs:
image

NOTE: I expect the upgrade test to fail, but I won't skip it until it's confirmed that the auth policy will be updated in place.

Release required?

  • No release
  • Patch release (x.x.X)
  • Minor release (x.X.x)
  • Major release (X.x.x)

Release notes content

Run the pipeline

If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.

Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:

/run pipeline

Checklist for reviewers

  • If relevant, a test for the change is included or updated with this PR.
  • If relevant, documentation for the change is included or updated with this PR.

For mergers

  • Use a conventional commit message to set the release level. Follow the guidelines.
  • Include information that users need to know about the PR in the commit message. The commit message becomes part of the GitHub release notes.
  • Use the Squash and merge option.

@ocofaigh
Contributor Author

/run pipeline

@ocofaigh
Contributor Author

/run pipeline

Contributor

@shemau shemau left a comment

It is trivial, but can we drop the word "backup" from the main encryption key in both places?

source_service_name = "databases-for-elasticsearch"
source_resource_group_id = module.resource_group.resource_group_id
roles = ["Reader"]
roles = ["Reader", "Authorization Delegator"] # Authorization Delegator role required for backup encryption key
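
Review bot: The trailing comment on the new `roles` line says the role is "required for backup encryption key", but per the discussion in this thread the policy covers the key used for data encryption, which only serves as the backup key when no separate backup key is chosen. Reword the comment to state that condition, for example "Authorization Delegator is required when this key is also used for backup encryption", so a later reader does not mistake which key the policy covers or remove the role as unneeded.
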
Contributor

This is not the backup key.

source_service_name = "databases-for-elasticsearch"
source_resource_group_id = var.resource_group_id
roles = ["Reader"]
roles = ["Reader", "Authorization Delegator"] # Authorization Delegator role required for backup encryption key
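
Review bot: The added `roles` line is a fixed list, so "Authorization Delegator" is granted on this key even when a different key is selected for backup encryption and the extra role is not needed here. Consider adding the role only when no separate backup key is set and keeping `["Reader"]` otherwise, so the service-to-service authorization policy stays least privilege.
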
Contributor

This is not the backup key

@ocofaigh
Contributor Author

ocofaigh commented Oct 28, 2025

@shemau They could be the backup key. If the user doesn't explicitly pick a different key for backup, then the same one used for data encryption is used. Hence why I added it to both policies.

@ocofaigh
Contributor Author

/run pipeline
