When trying to make minimal-permission IAM policies, it can be necessary
to ensure the policy remains as compact as possible. In certain cases,
the same permissions will be extended to multiple resources separately,
and those can be represented using a single statement, instead of one
per each resource. This feature allows code to select a "singleton" SID
for their permissions, and look it up from an existing PolicyDocument so
resources can be added to it instead of new statements being created.

The feature is being used in order to avoid creating extremely large
policy documents when adding CodePipeline actions to deploy a number of
CloudFormation stacks using the same ChangeSet name (using a single
statement instead of one per stack).

BREAKING CHANGE: The `sid` attribute of the `PolicyStatement` class is
now read-only and must be set at construction time if an `sid` is to be
used. This also enables guaranteeing `sid` uniqueness in palces where it
is required, such as SNS Topic policies.

…truct on the policy editor side

…m actions and conditions instead