Automated role management for resource accessing code
US-11397794-B1 · Jul 26, 2022 · US
US11790058B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11790058-B2 |
| Application number | US-202217814366-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 22, 2022 |
| Priority date | Mar 25, 2019 |
| Publication date | Oct 17, 2023 |
| Grant date | Oct 17, 2023 |
Official abstract text for this publication.
Computer systems and methods are disclosed to implement a role manager that automatically analyzes code accessing various resources to generate a role with the necessary resource permissions to execute the code. In embodiments, the role manager may be implemented as part of a workflow orchestration or resource provisioning system that employs code requiring access to different types of resources. In embodiments, the role manager may analyze a code segment to identify the different resources accessed by the code segment and the permissions needed for each access, and generate a role that has the needed permissions. In embodiments, the role manager may automatically manage these roles based on changes to associated code segments. Advantageously, the disclosed role manager removes the need to manually create roles needed by code segments ahead of time, and creates roles with the minimal privileges required for the code, thereby making the system easier to secure.
Claims.

What is claimed is:

1. A system, comprising: an identity and access management (IAM) system configured to store roles that are granted respective permissions for accessing resources; and one or more computers that implement a role manager, configured to: detect one or more changes made to a code segment via a graphical user interface (GUI), wherein the code segment is registered with a role in the IAM system with permissions to access resources used in the code segment; analyze the code segment to determine that the one or more changes alters a resource access scope of the code segment, and in response: generate, via the GUI, a warning indicating that the resource access scope of the code segment has been altered; receive, via the GUI, user input indicating a role management action to change the role registered to the code segment; and send one or more requests to the IAM system to change the role according to the user input.
2. The system of claim 1, wherein the role management action modifies one or more permissions in the role.
3. The system of claim 1, wherein the role management action generates a new role in the IAM system for the code segment.
4. The system of claim 1, wherein the role management action registers a different role in the IAM system to the code segment.
5. The system of claim 1, wherein the role manager is configured to include in the warning a list of role management actions, and the user input is a selection of one of the role management actions in the list.
6. The system of claim 1, wherein the role manager is configured to generate the warning before the one or more changes to the code segment are saved or before an exit of a code editing session.
7. The system of claim 1, wherein the one or more changes reduces the resource access scope of the code segment, and the change to the role reduces permissions granted to the role.
8. The system of claim 1, wherein the role manager is configured to: detect that the role is registered to another code segment; and generate, via the GUI, another warning indicating that the role management action impacts the other code segment.
9. The system of claim 1, wherein the role manager is configured to: detect that the role is no longer registered to any code segments; and automatically delete the role from the IAM systems.
10. The system of claim 1, wherein to analyze the code segment, the role manager is configured to: parse the code segment to identify one or more resources accessed by the code segment.
11. The system of claim 1, wherein the role manager is implemented as part of a code authoring system, and the GUI is a code editing interface of the code authoring system.
12. The system of claim 1, wherein the code segment accesses resources provided by a network-accessible service provider network that provisions and hosts virtual computing resources for a plurality of clients.
13. The system of claim 12, wherein: the role manager is implemented as part of a code authoring system for editing code executable in a workflow orchestration service of the network-accessible service provider network.
14. The system of claim 13, wherein: the code segment is part of a definition of a state machine; the code segment specifies one or more actions to perform to transition from one state to another state in the state machine; and the workflow orchestration service is a serverless execution service configured to execute the state machine.
15. A method, comprising: performing, via one or more computers that implement a role manager: detecting one or more changes made to a code segment via a graphical user interface (GUI), wherein the code segment is registered with a role with permissions to access resources used in the code segment; analyzing the one or more changes to determine that the one or more changes alters a resource access scope of the code segment, and in response: generating, via the GUI, a warning indicating that the resource access scope of the code segment has been altered; receiving, via the GUI, user input indicating a role management action to change the role registered to the code segment; and causing the role to be changed according to the user input.
16. The method of claim 15, wherein the warning includes a list of role management actions, and the user input is a selection of one of the role management actions in the list.
17. The method of claim 15, wherein the one or more changes reduces the resource access scope of the code segment, and the change to the role reduces permissions granted to the role.
18. The method of claim 15, further comprising the role manager: detecting that the role is registered to another code segment; and generating, via the GUI, another warning indicating that the role management action impacts the other code segment.
19. The system of claim 1, further comprising the role manager: detecting that the role is no longer registered to any code segments; and automatically deleting the role in response to the detection that the role is no longer registered to any code segments.
20. One or more non-transitory computer-accessible storage media storing program instructions that when executed on or across one or more processors implement a role manager and cause the role manager to: detect one or more changes made to a code segment via a graphical user interface (GUI), wherein the code segment is registered with a role with permissions to access resources used in the code segment; analyze the code segment to determine that the one or more changes alters a resource access scope of the code segment, and in response: generate, via the GUI, a warning indicating that the resource access scope of the code segment has been altered; receive, via the GUI, user input indicating a role management action to change the role registered to the code segment; and cause the role to be changed according to the user input.
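The following is an added illustration, not code from the patent or its assignee, of the mechanism the abstract and claims describe: parsing a state-machine style code segment into its resource access scope, creating a least-privilege role for it, warning when an edit alters that scope (including when the role is shared with another segment), applying the user's chosen role management action, and deleting a role once no segment is registered to it. The `States`/`Action` definition format, the role naming scheme and the in-memory role store standing in for the IAM system are all constructed for the example.

```python
from typing import Dict, Optional, Set, Tuple
Perm = Tuple[str, str]  # (resource, permission), e.g. ("queue/orders", "send")

def resource_scope(definition: dict) -> Set[Perm]:
    """Parse a state-machine definition (constructed format): each state's
    'Action' is 'resource:permission'; the set of pairs is the access scope."""
    scope: Set[Perm] = set()
    for state in definition.get("States", {}).values():
        if "Action" in state:
            resource, perm = state["Action"].split(":", 1)
            scope.add((resource, perm))
    return scope
class RoleManager:
    def __init__(self) -> None:
        self.roles: Dict[str, Set[Perm]] = {}   # stands in for the IAM store: role -> permissions
        self.registered: Dict[str, str] = {}    # code segment id -> registered role
    def register(self, seg_id: str, definition: dict, role: Optional[str] = None) -> str:
        """Create a role holding exactly the segment's scope (least privilege)."""
        role = role or f"role-{seg_id}"
        self.roles[role] = resource_scope(definition)
        self.registered[seg_id] = role
        return role

    def on_change(self, seg_id: str, new_definition: dict) -> Optional[dict]:
        """Detect an edit that alters the scope; return the GUI warning, else None."""
        role = self.registered[seg_id]
        new_scope, old_scope = resource_scope(new_definition), self.roles[role]
        if new_scope == old_scope:
            return None
        warning = {"role": role, "added": new_scope - old_scope,
                   "removed": old_scope - new_scope,
                   "actions": ["modify_role", "new_role"]}  # user selects one
        others = [s for s, r in self.registered.items() if r == role and s != seg_id]
        if others:  # the role is shared, so changing it impacts other segments
            warning["also_affects"] = others
        return warning

    def apply(self, seg_id: str, action: str, new_definition: dict) -> str:
        """Carry out the chosen action; drop the old role once nothing uses it."""
        old = self.registered[seg_id]
        if action == "modify_role":
            self.roles[old] = resource_scope(new_definition)
        elif action == "new_role":
            self.register(seg_id, new_definition, role=f"{old}-v{len(self.roles)}")
        else:
            raise ValueError(f"unknown role management action: {action}")
        if old not in self.registered.values():
            del self.roles[old]
        return self.registered[seg_id]
```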
by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code · CPC title
Intelligent editors · CPC title
Program or device authentication · CPC title
Restricting unauthorised execution of programs · CPC title
Parsing · CPC title