rybbit: use 'Account Rule Lists' permission group for the CF sync token (v4)

tg plan verified the agent's guess 'Account Filter Lists Edit/Read' is not a key in the v4.52.7 permission-group map; the live CF API lists the correct account-scoped groups as 'Account Rule Lists Read'/'Write'.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

stacks/rybbit/crowdsec_edge.tf

@@ -154,8 +154,8 @@ resource "cloudflare_api_token" "list_sync" {
   policy {
     effect = "allow"
     permission_groups = [
-      data.cloudflare_api_token_permission_groups.all.account["Account Filter Lists Edit"],
-      data.cloudflare_api_token_permission_groups.all.account["Account Filter Lists Read"],
+      data.cloudflare_api_token_permission_groups.all.account["Account Rule Lists Write"],
+      data.cloudflare_api_token_permission_groups.all.account["Account Rule Lists Read"],
     ]
     resources = {
       "com.cloudflare.api.account.${local.cf_account_id}" = "*"