Add AWS MCP policy and expand CloudFormation role permissions

- Add new AWS MCP managed policy with permissions for MCP tool invocation
- Extend IAM permissions: add AttachRolePolicy and CreatePolicy actions
- Add ELB permissions for target group modification
- Add ECS permissions for task definition management (register/deregister/tag)

policies/aws-mcp-policy.yaml

@@ -0,0 +1,18 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: AWS MCP Managed Policy
+
+Resources:
+  AWSMCPPolicy:
+    Type: AWS::IAM::ManagedPolicy
+    Properties:
+      ManagedPolicyName: AWSMCPPolicy
+      Description: AWS MCP permissions for invoking MCP tools
+      PolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: Allow
+            Action:
+              - aws-mcp:InvokeMcp
+              - aws-mcp:CallReadOnlyTool
+              - aws-mcp:CallReadWriteTool
+            Resource: "*"