In order to deny request propagation that uses email associated with any domains of a `domain_denylist`, we need to create a WAF rule.
**To do**
[] Add a rule for the WAF of `auth` API service.
The WAF should be able to inspect the json request body.
A typical json request body looks like as follows:
```
{
"email": "user@example.com",
"username": "username",
"password": "userpassword",
"policy_version": "v1.1",
"policy_date_accept": "2023-03-10T12:34:56.789Z",
"marketing_emails": "false",
"captcha_id": "somecaptcha_id",
"captcha_solution": "somecaptcha_solution"
}
```
If (for example) the `domain_denylist` is ["example.com", "abc.com"], the request above should not be forwarded.
Note: Use the same `domain_denylist` variable from IaC that we will use dashboard and auth service.
AWS docs: https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonBody.html
**Acceptance criteria**
[] On dev, set up a test `domain_denylist`. Send a request from dev dashboard using email with the domain from deny list. See that your request does not reach Auth service.
[] Check cloudwatch logs for `auth` service. You should not see the `/create-user` log related to your request.