fix: need list permission on web bucket

This is needed so that we know if the deployments log
actually do not exist during the initial deployment.

Author: henrist

src/__snapshots__/index.test.ts.snap

@@ -91,6 +91,10 @@ export class WebappDeploy extends cdk.Construct {
           actions: ["s3:GetObject", "s3:PutObject"],
           resources: [props.webBucket.arnForObjects("deployments.log")],
         }),
+        new iam.PolicyStatement({
+          actions: ["s3:List*"],
+          resources: [props.webBucket.bucketArn],
+        }),
         new iam.PolicyStatement({
           actions: ["cloudfront:CreateInvalidation"],
           // Cannot be restricted