Allow additional policies to be attached to worker nodes (#308)

Example usage : we want our nodes to be able to update route53 record
for using external-dns.

```hcl
data "template_file" "eks_worker_additional_route53_policy" {
  template = "${file("iam/route53_policy.json.tpl")}"
}

resource "aws_iam_policy" "eks_worker_additional_route53_policy" {
  description = "Allow nodes to update our zone"
  name = "${module.k8s_cluster01_label.id}-additional-route53-policy"
  policy = "${data.template_file.eks_worker_additional_route53_policy.rendered}"
}
```

which defines the policy; then in the EKS module :
```hcl
module "cluster01" {
  cluster_name = "cluster01"
<snip>
  workers_addtional_policies = [
    "${aws_iam_policy.eks_worker_additional_route53_policy.arn}"
  ]
  workers_addtional_policies_count = 1
<snip>
```

variables.tf

@@ -168,6 +168,16 @@ variable "worker_sg_ingress_from_port" {
   default     = "1025"
 }
 
+variable "workers_additional_policies" {
+  description = "Additional policies to be added to workers"
+  type        = "list"
+  default     = []
+}
+
+variable "workers_additional_policies_count" {
+  default = 0
+}
+
 variable "kubeconfig_aws_authenticator_command" {
   description = "Command to use to fetch AWS EKS credentials."
   default     = "aws-iam-authenticator"

workers.tf

@@ -143,6 +143,12 @@ resource "aws_iam_role_policy_attachment" "workers_AmazonEC2ContainerRegistryRea
   role       = "${aws_iam_role.workers.name}"
 }
 
+resource "aws_iam_role_policy_attachment" "workers_additional_policies" {
+  count      = "${var.workers_additional_policies_count}"
+  role       = "${aws_iam_role.workers.name}"
+  policy_arn = "${var.workers_additional_policies[count.index]}"
+}
+
 resource "null_resource" "tags_as_list_of_maps" {
   count = "${length(keys(var.tags))}"