Apply secrets KMS CMK encryption

[dms1981]

A reference to the issue / Description of it

#4999

How does this PR fix the problem?

We have previously excluded the encryption of AWS Secretsmanager secrets from secure code analysis checks around the use of CMKs instead of AWS-managed keys. This PR applies appropriate KMS encryption and creates a KMS key in preparation for further encryption of secrets in the main Modernisation Platform account.

How has this been tested?

No. However $business-unit-general keys are in use within customer business units, and the pagerduty key is also in use (somewhat inconsistently) within the PagerDuty terraform.

Deployment Plan / Instructions

Will this deployment impact the platform and / or services on it?

Only if the KMS policies are insufficient. In this case, access to secrets may be interrupted while the policies are amended.

Checklist (check x in [ ] of list items)

• I have performed a self-review of my own code
• All checks have passed
• I have made corresponding changes to the documentation
• Plan and discussed how it should be deployed to PROD (If needed)

Additional comments (if any)

{Please write here}

[dms1981]

Closing this PR and breaking it into smaller steps.