fix(s3): clarifying blockPublicAccess behavior with v2 #33668
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
Codecov Report: All modified and coverable lines are covered by tests ✅

Coverage diff:

| | main | #33668 |
|---|---|---|
| Coverage | 82.21% | 82.21% |
| Files | 119 | 119 |
| Lines | 6876 | 6876 |
| Branches | 1162 | 1162 |
| Hits | 5653 | 5653 |
| Misses | 1120 | 1120 |
| Partials | 103 | 103 |
Issue
Closes #32811
For clarity I did try a neater solution first, #33613, but this was caught as a breaking change.
Reason for this change
By default when you create an s3 bucket, all public access is already blocked. However, if you then use CDK to specify 1 or more access points you want to unblock, all undefined block types will be auto set to false, and when it deploys you will see everything uncheck even if you only wanted to uncheck 1 thing.
So to fix this we should instead default all values to true when at least 1 option is specified, to mimic the experience when a user in the console unchecks the boxes.
Description of changes
- `blockPublicAccessV2` property of `BucketProps` and class `BlockPublicAccessV2` created. For the `blockPublicAccessV2` property I just did what probably should have been done to begin with, and assigned it to the type `blockPublicAccessOptions`. The class is only there to help with the preset options.
- I added this function to set the automatic `true` defaults if at least 1 option is used,
- updated the readme context in a few places to indicate that the old method is deprecated
Description of how you validated changes
I added a duplicate test of the existing s3 tests under the same describe pattern.
For other tests not in s3 I just replaced with the new method.
Also added my own integ which tests both the new and old behavior. blockPublicAccess really isn't defined all that often, at least not in the CDK package itself, so most of the tests didn't need to be changed, or simply swapping to V2 didn't change the snapshots since it's so similar to previous.
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
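
The defaulting difference described in this PR, as an added self-contained model (not code from the PR or from aws-cdk-lib). The helper names `resolveLegacy`, `resolveV2` and `silentlyUnblocked` are hypothetical; the four option keys are the S3 Block Public Access settings. `silentlyUnblocked` lists settings that end up disabled under the old behavior without the caller ever asking for that, which is the check to run over existing bucket definitions.

```typescript
type BlockKey =
  | 'blockPublicAcls'
  | 'blockPublicPolicy'
  | 'ignorePublicAcls'
  | 'restrictPublicBuckets';
type BlockOptions = Partial<Record<BlockKey, boolean>>;
type Resolved = Record<BlockKey, boolean>;

const BLOCK_KEYS: BlockKey[] = [
  'blockPublicAcls',
  'blockPublicPolicy',
  'ignorePublicAcls',
  'restrictPublicBuckets',
];

// Fill in every setting the caller left undefined with `fallback`.
function resolve(opts: BlockOptions | undefined, fallback: boolean): Resolved {
  const out = {} as Resolved;
  for (const k of BLOCK_KEYS) {
    // No options at all: the bucket keeps the S3 default (everything blocked).
    out[k] = opts === undefined ? true : (opts[k] ?? fallback);
  }
  return out;
}

// Old behavior per the PR description: undefined settings become false.
const resolveLegacy = (opts?: BlockOptions): Resolved => resolve(opts, false);
// New behavior per the PR description: undefined settings become true.
const resolveV2 = (opts?: BlockOptions): Resolved => resolve(opts, true);

// Settings disabled under the old behavior that the caller never set to false.
function silentlyUnblocked(opts?: BlockOptions): BlockKey[] {
  const legacy = resolveLegacy(opts);
  return BLOCK_KEYS.filter((k) => !legacy[k] && opts?.[k] !== false);
}

// Constructed sample: the caller only wants to allow public bucket policies.
const intent: BlockOptions = { blockPublicPolicy: false };
console.log('legacy:', resolveLegacy(intent));
console.log('v2:', resolveV2(intent));
console.log('silently unblocked under legacy:', silentlyUnblocked(intent));
```
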