Re-evaluate S3 permissions

[BryceStevenWilley]

• Restrict public access if possible (there's some notes on using presigned URLs, and it seems like those should work without allowing public access to the whole bucket, but it doesn't work when sent to the e-file proxy)
• Not sure why the user role needs s3:* on the bucket itself. Should likely be restricted a bit more.

[BryceStevenWilley]

(Moved this issue to #21)

The README says that we don't need to allow public access, but we definitely do; Amazon won't let me save the given JSON if we don't allow it:

You either don't have permissions to edit the bucket policy, or your bucket policy grants a level of public access that conflicts with your Block Public Access settings. To edit a bucket policy, you need the s3:PutBucketPolicy permission. To review which Block Public Access settings are turned on, view your account and bucket settings. Learn more about Identity and access management in Amazon S3
API response
User: arn:aws:iam::***:user/bwilley is not authorized to perform: s3:PutBucketPolicy on resource: "arn:aws:s3:::THE_BUCKET" because public policies are blocked by the BlockPublicPolicy block public access setting.