Tests and fixes several TODOs related to Lambda permissions and ARN, qualifier handling, especially focusing on API validation and exception handling.
All changes apply to the new lambda provider enabled through PROVIDER_OVERRIDE_LAMBDA=asf

• Validation + exception testing for add_permission
• Fix add_permission exception handling
• Fix alias detection regex (see new unit tests, manually validated against AWS, some cases are covered in parity tests).
• Check the scope of uniqueness constraint (see TODO: is this unique just in the policy or across all policies in region/account/function (?) in provider.py)
• Fix disparity behavior when publishing a new version. Observation: Publishing a new lambda version creates a new revision id for the permission associated with $LATEST. The current implementation doesn’t reflect that
• Fix disparity when adding permissions to old versions. Probably a follow-up issue due to the publishing version disparity
• revision_id for remove_permission
• revision_id for add_permission
• Double-check against old impl: localstack.services.awslambda.lambda_api.add_permission_policy_statement
• Generalize function name (ARN, ARN shortname) and qualifier resolving and re-use for lambda permissions
• Check where new helpers _validate_qualifier_expression and _resolve_fn_qualifier could be re-used in lambda (e.g., see TODOs in create_function_url_config)
• Extend localstack.services.awslambda.api_utils.build_statement (hard to test
• test Alexa (see TODO: add test for event_source_token (alexa smart home) and auth_type)

Follow-Up (out of scope in this PR)

• Test + implement revisions for lambda in general (with versions, aliases, layers, etc). It seems that the revision id of permissions is the same as for qualified lambdas (i.e., VersionFunctionConfiguration).
• MAYBE write a failing test for actual permission behavior (manually validated with SNS, tried SQS, but synchronous invocation via apigateway would be better because it executes much faster and more reliably)