OpenShift Specialist Platform Team / SPLAT-2502

Add ec2:AllocateHosts and ec2:ReleaseHosts privileges to AWS CAPA credential request

    • Story
    • Resolution: Unresolved
    • Major

      As a platform engineer
      I want the AWS CAPA credential request to include ec2:AllocateHosts and ec2:ReleaseHosts privileges
      So that I can successfully allocate and release dedicated hosts for workloads that require them

      Background:
      Currently, the AWS CAPA (Cluster API Provider AWS) credential request lacks the necessary permissions to manage EC2 dedicated hosts. This prevents users from allocating dedicated hosts for workloads that have specific compliance, licensing, or performance isolation requirements. Without these privileges, attempts to allocate or release dedicated hosts will fail with permission errors.

      Acceptance Criteria:
      1. Given the AWS CAPA credential request configuration
        When the credential request is applied to the cluster
        Then the ec2:AllocateHosts privilege is included in the IAM policy
      2. Given the AWS CAPA credential request configuration
        When the credential request is applied to the cluster
        Then the ec2:ReleaseHosts privilege is included in the IAM policy
      3. Given a cluster with the updated credential request
        When a user attempts to allocate a dedicated host
        Then the operation succeeds without permission errors
      4. Given a cluster with allocated dedicated hosts
        When a user attempts to release a dedicated host
        Then the operation succeeds without permission errors

      Definition of Done:
      - [ ] Credential request configuration updated with new privileges
      - [ ] Changes tested in development environment
      - [ ] Dedicated host allocation/release functionality validated
      - [ ] Documentation updated if applicable
      - [ ] Security review completed for new privileges
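
One way to check the two policy criteria and support the security review, as an added example that is not code from this ticket or from the project: it reports whether each new action is granted explicitly, only through a wildcard, blocked by a Deny entry, or absent. It assumes the manifest uses the CredentialsRequest `AWSProviderSpec` layout (`statementEntries` with `effect`, `action`, `resource`); the manifest name and the other actions in the sample are constructed placeholders.

```python
import re

REQUIRED = ("ec2:AllocateHosts", "ec2:ReleaseHosts")

def matches(pattern, action):
    """IAM action matching: case-insensitive, '*' and '?' are wildcards."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, action, re.IGNORECASE) is not None

def review(cred_request):
    """Return {action: 'explicit' | 'wildcard' | 'denied' | 'missing'}."""
    entries = cred_request["spec"]["providerSpec"]["statementEntries"]
    report = {}
    for required in REQUIRED:
        allowed_by, denied = [], False
        for entry in entries:
            actions = entry.get("action", [])
            if isinstance(actions, str):
                actions = [actions]
            hits = [p for p in actions if matches(p, required)]
            if entry.get("effect") == "Deny":
                denied = denied or bool(hits)
            elif entry.get("effect") == "Allow":
                allowed_by += hits
        if denied:
            report[required] = "denied"    # any matching Deny is treated as blocking
        elif not allowed_by:
            report[required] = "missing"
        elif any(p.lower() == required.lower() for p in allowed_by):
            report[required] = "explicit"
        else:
            report[required] = "wildcard"  # granted only via a broader pattern
    return report

def make_request(actions):
    # Constructed sample manifest; the name and the other actions are placeholders.
    return {"apiVersion": "cloudcredential.openshift.io/v1", "kind": "CredentialsRequest",
            "metadata": {"name": "example-capa-aws"},
            "spec": {"providerSpec": {"kind": "AWSProviderSpec", "statementEntries": [
                {"effect": "Allow", "action": list(actions), "resource": "*"}]}}}

BEFORE = make_request(["ec2:DescribeInstances", "ec2:RunInstances"])
AFTER = make_request(["ec2:DescribeInstances", "ec2:RunInstances",
                      "ec2:AllocateHosts", "ec2:ReleaseHosts"])

if __name__ == "__main__":
    for label, req in (("before", BEFORE), ("after", AFTER)):
        print(label, review(req))
```

A `wildcard` result satisfies the criteria but is worth raising in the security review, since the pattern grants more than the two actions requested here.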

              rhn-support-ngirard Neil Girard
              rhn-support-rvanderp Richard Vanderpool
              Yunfei Jiang