Fix mismatched attach_volume rule

The attach_volume rule on the Compute Instances and Volume pages
does not match the rule in the nova_policy.json file, or what is
generated from an oslo policy generation on Nova. Update the rule
to match what is used in the default policy file, and what Nova
uses in its unit tests.

While looking at this, discovered that the detach_volume has a
similar problem, with no rule that matches at all. It may make sense
to have detach volume use similar permissions to attach

Change-Id: I40c709c7bb0c8538b56624dbfff1faea2eba9ee6
Closes-bug: 1772759

openstack_dashboard/dashboards/project/instances/tables.py

@@ -892,7 +892,8 @@ class AttachVolume(tables.LinkAction):
     verbose_name = _("Attach Volume")
     url = "horizon:project:instances:attach_volume"
     classes = ("ajax-modal",)
-    policy_rules = (("compute", "os_compute_api:servers:attach_volume"),)
+    policy_rules = (
+        ("compute", "os_compute_api:servers:create:attach_volume"),)
 
     # This action should be disabled if the instance
     # is not active, or the instance is being deleted

openstack_dashboard/dashboards/project/volumes/tables.py

@@ -188,7 +188,7 @@ class EditAttachments(tables.LinkAction):
             project_id = getattr(volume, "os-vol-tenant-attr:tenant_id", None)
             attach_allowed = \
                 policy.check((("compute",
-                             "os_compute_api:servers:attach_volume"),),
+                             "os_compute_api:servers:create:attach_volume"),),
                              request,
                              {"project_id": project_id})
             detach_allowed = \