aws-security-reference-architecture-examples

[BUG] PatchMgmt - Document sha mismatch causes maintenance window runs to fail

Open tdcarrol opened this issue 5 months ago • 0 comments

Describe the bug

The sra_linux_maintenance maintenance window is failing after initial success. This appears to be due to a documented hash mismatch issue where the document hash is stored at creation time but not updated when AWS updates the underlying SSM documents.

Checking CloudWatch logs shows this error:

  "errorCode": "InvalidDocument",
  "errorMessage": "document hash ee02200c65f0b5f76be341511a1520e7880c15312ca8b5455aebf1847d08705f does not match Sha256."

To Reproduce

Steps to reproduce the behavior:

  1. Deploy the AWS SRA solution using either the easy setup or the individual patch management solution
  2. Wait for AWS to update their SSM documents (specifically AWS-RunPatchBaseline)
  3. The next time the maintenance window runs, it will fail with a document hash mismatch error

Expected behavior

The maintenance windows should either:

  1. Not hardcode the document hash at creation time, or
  2. Have a mechanism to update the document hash automatically when AWS updates the underlying SSM documents

Deployment Environment (please complete the following information)

  • Deployment Framework [e.g. Customizations for Control Tower and CloudFormation StackSets]: sra-easy-setup.yaml
  • Deployment Framework Version [e.g. 1.0, 2.0]: Not sure, it's a few months old, latest sra-easy-setup.yaml

Additional context

Add any other context about the problem here.

tdcarrol, May 08 '25 14:05
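The failure described in this issue can be checked for before the next window run: a Run Command task registered with a maintenance window may carry a DocumentHash/DocumentHashType pin, and the SSM DescribeDocument API reports the hash of the document's current version, so the two can be compared. The script below is an added example, not code from the SRA project or from the reporter. It works on the response shapes of ssm:GetMaintenanceWindowTask and ssm:DescribeDocument: the drift check and the rebuilt RunCommand block are pure functions exercised here on constructed sample data (the window ID, task IDs and hashes are made up), and only the boto3 helper at the end talks to AWS. Because UpdateMaintenanceWindowTask discards any TaskInvocationParameters value that is not resent, the rebuilt block copies the whole RunCommand section and either drops the pin (the issue's option 1) or replaces it with the current hash (option 2). One caveat: DescribeDocument without a DocumentVersion returns the default version, so a task that pins a specific numeric DocumentVersion should be compared against that version instead.

```python
"""Drift check for pinned SSM document hashes on maintenance-window tasks.

Added example, not code from the aws-security-reference-architecture-examples
project. A Run Command task can pin the SSM document it invokes with
DocumentHash/DocumentHashType; after AWS publishes a new version of
AWS-RunPatchBaseline the pinned SHA-256 no longer matches and the invocation
fails with InvalidDocument. The pure functions below operate on the response
shapes of ssm:GetMaintenanceWindowTask and ssm:DescribeDocument and run
offline on the constructed sample data; only fetch_tasks_and_hashes calls AWS.
"""
from copy import deepcopy
from typing import Dict, List, Optional, Tuple

SHA256_HEX_LEN = 64


def _run_command(task: Dict) -> Dict:
    """RunCommand block of a task, or {} for tasks that carry none."""
    return task.get("TaskInvocationParameters", {}).get("RunCommand") or {}


def find_stale_tasks(tasks: List[Dict], current_hashes: Dict[str, str]) -> List[Dict]:
    """Return tasks whose pinned Sha256 DocumentHash differs from the hash SSM
    reports for the document now (current_hashes: document name -> Hash).
    Tasks without a pin, or pinned with a Sha1 hash, are skipped."""
    stale = []
    for task in tasks:
        if task.get("TaskType") != "RUN_COMMAND":
            continue
        rc = _run_command(task)
        pinned = rc.get("DocumentHash")
        if not pinned or rc.get("DocumentHashType", "Sha256") != "Sha256":
            continue
        current = current_hashes.get(task["TaskArn"])
        if current is not None and current.lower() != pinned.lower():
            stale.append({"WindowId": task["WindowId"], "WindowTaskId": task["WindowTaskId"],
                          "Document": task["TaskArn"], "PinnedHash": pinned, "CurrentHash": current})
    return stale


def refreshed_run_command(run_command: Dict, new_hash: Optional[str]) -> Dict:
    """Build the RunCommand block to resend via UpdateMaintenanceWindowTask.
    The whole block is copied because values not resent are dropped by the
    API. new_hash=None removes the pin; a 64-hex-char value re-pins."""
    rc = deepcopy(run_command)
    if new_hash is None:
        rc.pop("DocumentHash", None)
        rc.pop("DocumentHashType", None)
        return rc
    if len(new_hash) != SHA256_HEX_LEN or any(c not in "0123456789abcdef" for c in new_hash.lower()):
        raise ValueError("DocumentHash must be a 64-character hex SHA-256")
    rc["DocumentHash"] = new_hash
    rc["DocumentHashType"] = "Sha256"
    return rc


# Constructed sample data in the shape of GetMaintenanceWindowTask responses
# and DescribeDocument hashes; IDs and hashes are made up, not real values.
SAMPLE_TASKS = [
    {"WindowId": "mw-0123456789abcdef0", "WindowTaskId": "11111111-2222-3333-4444-555555555555",
     "TaskArn": "AWS-RunPatchBaseline", "TaskType": "RUN_COMMAND",
     "TaskInvocationParameters": {"RunCommand": {
         "DocumentHash": "a" * 64, "DocumentHashType": "Sha256", "DocumentVersion": "$DEFAULT",
         "Parameters": {"Operation": ["Install"], "RebootOption": ["RebootIfNeeded"]},
         "TimeoutSeconds": 600}}},
    {"WindowId": "mw-0123456789abcdef0", "WindowTaskId": "66666666-7777-8888-9999-000000000000",
     "TaskArn": "AWS-RunShellScript", "TaskType": "RUN_COMMAND",  # no pin, never stale
     "TaskInvocationParameters": {"RunCommand": {"Parameters": {"commands": ["uptime"]}}}},
]
SAMPLE_CURRENT_HASHES = {"AWS-RunPatchBaseline": "b" * 64, "AWS-RunShellScript": "c" * 64}


def fetch_tasks_and_hashes(window_id: str, region: Optional[str] = None) -> Tuple[List[Dict], Dict[str, str]]:
    """Live input for find_stale_tasks: every task of one window plus the
    current default-version hash of each document it runs. Needs boto3,
    credentials and ssm:DescribeMaintenanceWindowTasks/GetMaintenanceWindowTask/
    DescribeDocument; imported lazily so the offline check needs no SDK."""
    import boto3

    ssm = boto3.client("ssm", region_name=region)
    tasks, hashes, kwargs = [], {}, {"WindowId": window_id}
    while True:
        page = ssm.describe_maintenance_window_tasks(**kwargs)
        for summary in page["Tasks"]:
            task = ssm.get_maintenance_window_task(WindowId=window_id, WindowTaskId=summary["WindowTaskId"])
            tasks.append(task)
            if task.get("TaskType") == "RUN_COMMAND" and task["TaskArn"] not in hashes:
                hashes[task["TaskArn"]] = ssm.describe_document(Name=task["TaskArn"])["Document"]["Hash"]
        if not page.get("NextToken"):
            return tasks, hashes
        kwargs["NextToken"] = page["NextToken"]


if __name__ == "__main__":
    for t in find_stale_tasks(SAMPLE_TASKS, SAMPLE_CURRENT_HASHES):
        print(f"{t['Document']} task {t['WindowTaskId']}: pinned {t['PinnedHash'][:12]}.. "
              f"current {t['CurrentHash'][:12]}..")
```

To apply a fix live, pass the block returned by refreshed_run_command to ssm.update_maintenance_window_task as TaskInvocationParameters={"RunCommand": ...} for each stale WindowId/WindowTaskId pair; dropping the pin avoids the recurrence, re-pinning keeps the integrity check but has to be repeated whenever AWS revises the document.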