fix: Use FORBID_ENCRYPT_ALLOW_DECRYPT policy for decrypt oracle

Author: Shubham Chaturvedi

decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py

@@ -16,6 +16,7 @@
 import os
 
 import aws_encryption_sdk
+from aws_encryption_sdk.identifiers import CommitmentPolicy
 from aws_encryption_sdk.key_providers.kms import DiscoveryAwsKmsMasterKeyProvider
 from chalice import Chalice, Response
 
@@ -59,7 +60,7 @@ def basic_decrypt() -> Response:
     APP.log.debug(APP.current_request.raw_body)
 
     try:
-        client = aws_encryption_sdk.EncryptionSDKClient()
+        client = aws_encryption_sdk.EncryptionSDKClient(commitment_policy=CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT)
         ciphertext = APP.current_request.raw_body
         plaintext, _header = client.decrypt(source=ciphertext, key_provider=_master_key_provider())
         APP.log.debug("Plaintext:")