Overview:

We can currently run Terraform plans either via GitHub Actions or locally using organization admin credentials. The latter is used for updating the provider lock files or debugging the remote state. This is not only inconvenient ("ocm login --use-device-code" > Private tab > Enter the code and credentials) but also increases the risk of errors due to elevated privileges.

Acceptance Criteria:

• ACS CS team (possibly expand to On Call) can run terraform plan with their own credentials.
• Runbooks, documentation updated