EnterpriseDB / barman

Barman - Backup and Recovery Manager for PostgreSQL
https://www.pgbarman.org/
GNU General Public License v3.0

Add "AWS Snapshot Lock" feature #972

Open ruimarinho opened 1 month ago

ruimarinho commented 1 month ago

Hi,

I would like to request the addition of an "AWS Snapshot Lock" feature to Barman. This feature would help protect snapshots against accidental or malicious deletions and allow them to be stored in a write-once-read-many (WORM) format for a specific duration. While a snapshot is locked, it can’t be deleted by any user, regardless of their permissions. However, users can continue to use a locked snapshot as they would use any other snapshot.

Use Cases

  1. Protect snapshots from being accidentally deleted by administrators or automated processes.
  2. Ensure snapshots are stored in a tamper-proof state for compliance with regulations requiring data immutability.
  3. Implement retention policies to automatically manage the lifecycle of snapshots.

Example Command Line Interface:

barman-cloud-backup --cloud-provider aws-s3 --aws-region us-east-1 --snapshot-disk vol-123 --snapshot-instance i-345 --aws-snapshot-lock-mode governance --aws-snapshot-lock-duration 1-36500_days s3://bucket my-cluster

The other two supported options would be:

--aws-snapshot-cool-off-period=1-72_hours and --snapshot-expiration-date=YYYY-MM-DDThh:mm:ss.sssZ, mutually exclusive.
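
An added example, not part of the original post and not Barman code: one way the requested options could be validated and mapped onto the EC2 LockSnapshot call (`lock_snapshot` in boto3). The helper names are hypothetical, and the rules that duration and expiration date exclude each other and that the cool-off period applies only in compliance mode are taken from the EC2 API, not from this thread.

```python
from datetime import datetime, timezone

LOCK_MODES = ("governance", "compliance")


def build_lock_request(snapshot_id, mode, duration_days=None,
                       expiration=None, cool_off_hours=None):
    """Validate lock options and return kwargs for EC2 LockSnapshot.

    Hypothetical helper, not Barman code. The limits mirror the ranges
    quoted in the request (1-36500 days, 1-72 hours).
    """
    if mode not in LOCK_MODES:
        raise ValueError(f"lock mode must be one of {LOCK_MODES}")
    # LockSnapshot takes either a duration or an expiration date, never both.
    if (duration_days is None) == (expiration is None):
        raise ValueError("set exactly one of duration_days or expiration")
    request = {"SnapshotId": snapshot_id, "LockMode": mode}
    if duration_days is not None:
        if not 1 <= duration_days <= 36500:
            raise ValueError("lock duration must be 1-36500 days")
        request["LockDuration"] = duration_days
    else:
        # Format from the request: YYYY-MM-DDThh:mm:ss.sssZ (UTC).
        when = datetime.strptime(expiration, "%Y-%m-%dT%H:%M:%S.%fZ")
        request["ExpirationDate"] = when.replace(tzinfo=timezone.utc)
    if cool_off_hours is not None:
        # The cooling-off period only exists in compliance mode.
        if mode != "compliance":
            raise ValueError("cool-off period requires compliance mode")
        if not 1 <= cool_off_hours <= 72:
            raise ValueError("cool-off period must be 1-72 hours")
        request["CoolOffPeriod"] = cool_off_hours
    return request


def lock_snapshot(ec2_client, **options):
    """Apply the lock; ec2_client is a boto3 EC2 client (boto3.client("ec2"))."""
    return ec2_client.lock_snapshot(**build_lock_request(**options))


if __name__ == "__main__":
    # Constructed sample values; snap-0123456789abcdef0 is a placeholder ID.
    print(build_lock_request("snap-0123456789abcdef0", "governance",
                             duration_days=30))
```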

martinmarques commented 1 month ago

We are looking at adding WORM support (ransomware protection) for local backups (as long as the underlying FS has some kind of WORM functionality) and we'll have a look at this feature for snapshots as well.

martinmarques commented 2 weeks ago

Thank you for the PR Rui!