I apologize in advance for what you're going to see in this commit.

So basically the terraform acceptance testing framework for the terraform plugin framework doesn't support the use of terraform modules. Yes, you read that right. In this context "doesn't support" means "will not delete any of the resources created by a module if the test fails". The module in question creates hundreds of resources so this isn't an ideal outcome.

As a result I split the module out to a separate file and imported the arns of the essential created resources. This isn't ideal and isn't how end users should do this. I'm not sure how to square the circle on this one.

Also adds an email validator as that seemed sensible.

I moved the aws elements of the cmr generate function into helper functions to improve readability of that enormous switch.

In some circumstances the API can return permission denied rather than not found for a resource that has been deleted. We handle it as a not found because
* the user will be failing auth at a much earlier stage in the provider flow if their token is actually invalid
* if we don't handle it as a not found we will incorrectly error on deleted resources

I added that tag when I was doing byoc testing work and didn't want to also hit the standard stuff when repeating the tests frequently. This is no longer necessary and is occasionally causing test duplication so away it goes!

It looks like there is a large rework for serverless required which is out of scope for this PR. It should still work, I will come back to it in a follow on PR.