Add two missing VPC permissions (#37896)

Remove VPC permissions from network-policy.json as they mostly duplicate
compute-policy.json permissions - separating the VPC and compute permissions
would likely lead to further confusion.

hacking/aws_config/testing_policies/compute-policy.json

@@ -77,8 +77,10 @@
                 "ec2:Describe*",
                 "ec2:DisassociateAddress",
                 "ec2:DisassociateRouteTable",
+                "ec2:DisassociateSubnetCidrBlock",
                 "ec2:ImportKeyPair",
                 "ec2:ModifyImageAttribute",
+                "ec2:ModifySubnetAttribute",
                 "ec2:ModifyVpcAttribute",
                 "ec2:RegisterImage",
                 "ec2:ReleaseAddress",

hacking/aws_config/testing_policies/network-policy.json

@@ -1,21 +1,6 @@
 {
     "Version": "2012-10-17",
     "Statement": [
-        {
-            "Sid": "ManageVPCsForRoute53Testing",
-            "Effect": "Allow",
-            "Action": [
-                "ec2:CreateTags",
-                "ec2:CreateVpc",
-                "ec2:DeleteVpc",
-                "ec2:DescribeTags",
-                "ec2:DescribeVpcAttribute",
-                "ec2:DescribeVpcClassicLink",
-                "ec2:DescribeVpcs",
-                "ec2:ModifyVpcAttribute"
-            ],
-            "Resource": "*"
-        },
         {
             "Sid": "ManageRoute53ForTests",
             "Effect": "Allow",