Give Diun task socket access to read jobs

services/diun.tf

@@ -35,4 +35,18 @@ module "diun" {
       mount       = false
     },
   ]
+
+  workload_acl_policy = {
+    name        = "diun-read"
+    description = "Give the diun task read access to jobs"
+
+    rules_hcl = <<EOH
+namespace "default" {
+  capabilities = [
+    "list-jobs",
+    "read-job",
+  ]
+}
+EOH
+  }
 }