In the module elz-workload/iam.tf, permissions are provided for databases (amongst others).
There are a few things related to database permissions:
Only if the variable enable_datasafe is true, the group "database_admin_group_name" gets permissions to manage (autonomous) databases; otherwise, this group only gets "read" permission for (autonomous) databases. The database permissions themselves should not depend on datasafe.
The group "database_admin_group_name" gets permissions to manage "database-family", "autonomous-databases" and "autonomous-container-databases".
The resource "database-family" provides too many permissions, e.g. the permission to create exadata-infrastructure and exadata-vmclusters, which should not be given as the standard workload structure is not prepared for exadata workload.
The policies for autonomous databases are missing a few permissions. The policies missing are related to: autonomous-backups, autonomousContainerDatabaseDataguardAssociations and AutonomousDatabaseDataguardAssociation.
hslange changed the title from "Too many permissions in elz-workload ima module" to "Too many permissions in elz-workload IAM module" on Mar 5, 2024
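A check for the three findings above, written as an added example that is not part of the issue or of the project's code. It compares the policy statements rendered with enable_datasafe true and false; the group name, compartment name, statement shape and sample statements are constructed from the issue's description, not copied from elz-workload/iam.tf.

```python
import re

# Assumed statement shape: "Allow group <name> to <verb> <resource-type> in ..."
STMT = re.compile(r"allow\s+group\s+(\S+)\s+to\s+(inspect|read|use|manage)\s+(\S+)\s+in\s", re.I)
RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}

# Resource types taken from the issue text.
TOO_BROAD = ["database-family"]
EXPECTED = ["autonomous-databases", "autonomous-container-databases", "autonomous-backups",
            "autonomousContainerDatabaseDataguardAssociations",
            "AutonomousDatabaseDataguardAssociation"]

def grants(statements, group):
    """Map resource-type (lower-cased) to the highest verb granted to `group`."""
    out = {}
    for s in statements:
        m = STMT.match(s.strip())
        if m and m.group(1).lower() == group.lower():
            rt, verb = m.group(3).lower(), m.group(2).lower()
            if RANK[verb] >= RANK.get(out.get(rt), -1):
                out[rt] = verb
    return out

def review(stmts_on, stmts_off, group):
    """Check statements rendered with enable_datasafe = true (on) and false (off)."""
    on, off = grants(stmts_on, group), grants(stmts_off, group)
    findings = []
    for rt in sorted(on.keys() | off.keys()):
        if "database" in rt and on.get(rt) != off.get(rt):
            findings.append(f"datasafe-coupled: {rt}: {off.get(rt)} when off, {on.get(rt)} when on")
    for rt in TOO_BROAD:
        if "manage" in (on.get(rt), off.get(rt)):
            findings.append(f"too-broad: manage {rt} includes Exadata resource types")
    for rt in EXPECTED:
        if rt.lower() not in on and rt.lower() not in off:
            findings.append(f"missing: no statement for {rt}")
    return findings

# Constructed sample input: hypothetical group "db-admins" and compartment "wkld".
GROUP = "db-admins"
TYPES = ["database-family", "autonomous-databases", "autonomous-container-databases"]
DATASAFE_ON = [f"Allow group {GROUP} to manage {t} in compartment wkld" for t in TYPES]
DATASAFE_OFF = [f"Allow group {GROUP} to read {t} in compartment wkld" for t in TYPES]

if __name__ == "__main__":
    for finding in review(DATASAFE_ON, DATASAFE_OFF, GROUP):
        print(finding)
```

The two statement lists can be filled from the policy statements shown by `terraform plan` for each value of enable_datasafe.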