Add article: detect public resource exposure via session policy error messages#500

Merged: Frichetten merged 1 commit into Hacking-the-Cloud:main from raajheshkannaa:feat/session-policy-exposure-detection (Mar 17, 2026)

Conversation

@raajheshkannaa (Contributor)

Closes #499

Adds a new article under aws/enumeration/ documenting the session policy error message technique for detecting publicly accessible AWS resources.

Summary:

  • Covers the deny-all session policy setup and how verbose IAM error messages reveal public resource-based policies
  • Includes classification table for interpreting error responses
  • Documents confirmed services (SNS, SQS, Lambda, KMS, ECR, EventBridge)
  • Notes limitations: SCP/RCP interference, ambiguous negatives, S3 same-org caveat, cross-account scope
  • OPSEC section on CloudTrail visibility (empirically verified for SNS/SQS)
  • Credits original research by Daniel Grzelak and Sam Cox at Plerion

Based on Don't Expose Yourself in Public, Let AWS Error Messages Do It.

cc @Frichetten
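An added example for the workflow the PR description summarises; this is not code from the PR or from the Hacking the Cloud article it adds, and it is written for auditing resources in accounts you own. It builds the deny-all session policy, shows how that policy is carried into an AssumeRole call, and classifies the AccessDenied message that a probe call returns, mapping the "SCP/RCP interference" and "ambiguous negative" limitations to their own labels. The message phrases it matches on ("with an explicit deny in a session policy", "because no resource-based policy allows", "explicit deny in a service control policy") are assumed to be the wording of AWS's detailed access-denied messages and should be checked against real responses; the role ARN, session name and sample messages are constructed.

```python
"""Offline helper for session-policy public-exposure probing (added example).

Assumptions: the AccessDenied wording matched below is the detailed message
format AWS returns; verify it against live responses before relying on it.
"""
import json
import re

PROBE_SESSION_NAME = "public-exposure-audit"  # hypothetical session name


def deny_all_session_policy() -> dict:
    """The deny-all session policy from the PR description.

    With this attached to the session, the caller is never authorized by its
    own permissions, so the error AWS reports is driven by whether the target's
    resource-based policy granted access first.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Deny", "Action": "*", "Resource": "*"}],
    }


def assume_role_request(role_arn: str) -> dict:
    """Keyword arguments for boto3's sts.assume_role() carrying the deny-all
    policy as an inline session policy (Policy is a real AssumeRole field;
    the role ARN is whatever the auditor supplies)."""
    return {
        "RoleArn": role_arn,
        "RoleSessionName": PROBE_SESSION_NAME,
        "Policy": json.dumps(deny_all_session_policy(), separators=(",", ":")),
    }


# Assumed AWS wording -> label. Order matters: org-level denies are checked
# before the session-policy phrase so an SCP/RCP result is never read as public.
_RULES = [
    # SCP/RCP denies short-circuit evaluation, so the message says nothing
    # about the resource policy (the "SCP/RCP interference" limitation).
    (re.compile(r"explicit deny in an? (?:service control|resource control) policy", re.I),
     "INCONCLUSIVE_ORG_POLICY"),
    # A session-policy deny is only reported once evaluation got past the
    # resource-based policy, i.e. that policy granted access to our principal.
    (re.compile(r"explicit deny in a session policy", re.I), "PUBLIC"),
    # No resource-based grant for us: not public, or the resource does not
    # exist (the "ambiguous negative" limitation).
    (re.compile(r"no resource-based policy allows", re.I), "NOT_PUBLIC_OR_MISSING"),
]


def classify_access_denied(message: str) -> str:
    """Map one AccessDenied message to a label from the classification above."""
    for pattern, label in _RULES:
        if pattern.search(message):
            return label
    return "UNKNOWN"


def probe(call) -> str:
    """Run one probe (e.g. lambda: sns.get_topic_attributes(TopicArn=arn)) made
    with the deny-all session and label the outcome. A call that succeeds
    means the session policy was not applied, which must be flagged."""
    try:
        call()
    except Exception as exc:  # boto3 raises botocore.exceptions.ClientError
        return classify_access_denied(str(exc))
    return "SESSION_POLICY_NOT_APPLIED"


# Constructed sample messages with fictional account IDs and ARNs.
SAMPLE_MESSAGES = {
    "public-topic": (
        "User: arn:aws:sts::111111111111:assumed-role/Auditor/public-exposure-audit "
        "is not authorized to perform: sns:GetTopicAttributes on resource: "
        "arn:aws:sns:us-east-1:222222222222:example-topic "
        "with an explicit deny in a session policy"
    ),
    "private-queue": (
        "User: arn:aws:sts::111111111111:assumed-role/Auditor/public-exposure-audit "
        "is not authorized to perform: sqs:GetQueueAttributes on resource: "
        "arn:aws:sqs:us-east-1:222222222222:example-queue "
        "because no resource-based policy allows the sqs:GetQueueAttributes action"
    ),
    "scp-blocked": (
        "User: arn:aws:sts::111111111111:assumed-role/Auditor/public-exposure-audit "
        "is not authorized to perform: kms:DescribeKey on resource: "
        "arn:aws:kms:us-east-1:222222222222:key/00000000-0000-0000-0000-000000000000 "
        "with an explicit deny in a service control policy"
    ),
}


def classify_samples() -> dict:
    """Label each constructed sample as a probe returning that message would."""
    def raiser(msg):
        def call():
            raise RuntimeError(msg)
        return call
    return {name: probe(raiser(msg)) for name, msg in SAMPLE_MESSAGES.items()}


if __name__ == "__main__":
    print(json.dumps(assume_role_request("arn:aws:iam::111111111111:role/Auditor"), indent=2))
    for name, label in classify_samples().items():
        print(f"{name}: {label}")
```

The org-policy rule is deliberately checked first: if an SCP or RCP is in play the probe cannot say anything about the target, and reading such a response as "public" would be a false positive. The classifier only interprets message text; the actual probe calls, one per service the article lists, are ordinary boto3 read calls made from the session returned by assume_role with these arguments.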

@Frichetten (Contributor)

Hey Raajhesh, thank you for your submission! I took a look and everything looks good! As long as CI/CD passes, I will merge it.

Did you have a preferred social media site or sites you use? When I merge from external contributors I like to give them a shoutout.

@raajheshkannaa (Contributor, Author) commented Mar 16, 2026

Thanks for the review! You can find me on LinkedIn: https://www.linkedin.com/in/raajhesh-kannaa-chidambaram

@Frichetten (Contributor)

Wonderful, I'll merge! Thank you again for the submission!

Frichetten merged commit 458db5c into Hacking-the-Cloud:main on Mar 17, 2026
1 check passed
Development

Successfully merging this pull request may close these issues.

https://www.plerion.com/blog/dont-expose-yourself-in-public-let-aws-error-messages-do-it