whoAMI: A cloud image name confusion attack
ID: 76e7a20c-cdf7-5817-b009-7b95f8679861
STIX ID: report--76e7a20c-cdf7-5817-b009-7b95f8679861
Feed Name: Datadog Security Labs
### Executive Summary

Datadog Security Labs discovered and responsibly disclosed 'whoAMI', a name confusion vulnerability in which systems that call ec2:DescribeImages filtered only by name (and not by owner) can be tricked into using attacker-published AMIs, enabling arbitrary code execution. They demonstrated the issue across Terraform, CLI, and SDKs, found real-world vulnerable code, coordinated a fix with AWS (including the new Allowed AMIs guardrail), and published detection and remediation tools and rules (whoAMI-scanner, Semgrep, Cloud SIEM rules).
