fix: Allow staging users role assumption only by main principal (#822)

Allowing the S3 Batch Operations service was not necessary after all,
and caused non-prod deployment to hit a known CDK limitation
<aws/aws-cdk#1578>.

infrastructure/constructs/processing.py

@@ -387,9 +387,7 @@ def __init__(
         staging_users_role = aws_iam.Role(
             self,
             "staging-users-role",
-            assumed_by=aws_iam.CompositePrincipal(  # type: ignore[arg-type]
-                principal, aws_iam.ServicePrincipal("batchoperations.s3.amazonaws.com")
-            ),
+            assumed_by=principal,  # type: ignore[arg-type]
             max_session_duration=MAX_SESSION_DURATION,
             role_name=ResourceName.STAGING_USERS_ROLE_NAME.value,
         )