Create the start-release lambda

[pietroalbini]

This PR creates a new lambda called start-release, which is responsible for correctly invoking the CodeBuild job that starts a new release. The lambda only allows a small set of allowlisted actions to execute, which allows us to grant permissions to invoke the lambda to a larger set of users than just infra admins (in this case, the release team).

Most invocations of the lambda require a payload of just the action name, except for publish-rust-dev-stable which also requires the planned release date for blog post purposes. The lambda will return the build ID, the CloudWatch URL and the CloudWatch group name.

Right now the only way to invoke the function is through the AWS CLI:

aws lambda invoke --function-name start-release /dev/stdout --payload "$(echo '{"action": "publish-rust-dev-nightly"}' | base64)" | jq .

I will work later on a script in the https://github.com/rust-lang/release-team repository to correctly invoke the lamdba, and setting up permissions for the release team to invoke the lambda.

Part of #442