feat(s3control): Add S3 AccessPoint and AccessPointPolicy

[kbujanecki-dt]

Description of your changes

Fixes #1782

I have:

• Read and followed Crossplane's contribution process.
• Run make reviewable test to ensure this PR is ready for review.

How has this code been tested

apiVersion: s3control.aws.crossplane.io/v1alpha1
kind: AccessPoint
metadata:
  name: uber-access-point
spec:
  deletionPolicy: Orphan
  forProvider:
    accountID: "123456789012"
    bucket: "test-bucket"
    region: "eu-central-1"
    publicAccessBlockConfiguration:
      blockPublicACLs: true
      blockPublicPolicy: true
      ignorePublicACLs: true
      restrictPublicBuckets: true
    vpcConfiguration:
      vpcID: "vpc-XXXXXXXXXXX"
  providerConfigRef:
    name: "example"

apiVersion: s3control.aws.crossplane.io/v1alpha1
kind: AccessPointPolicy
metadata:
  name: uber-access-point-policy
spec:
  providerConfigRef:
    name: "example"
  forProvider:
    accessPointNameSelector:
      name: "uber-access-point"
    region: "eu-central-1"
    accountID: "123456789012"
    policy: >
      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Effect": "Allow",
                  "Principal": {
                      "AWS": "arn:aws:iam::123456789012:role/sso/accessRole"
                  },
                  "Action": "s3:*",
                  "Resource": "arn:aws:s3:eu-central-1:123456789012:accesspoint/uber-access-point/object/*"
              }
          ]
      } 

[przysiadZeSztanga]

fyi, we plan to add policy for s3 access point in another PR

[przysiadZeSztanga]

S3 access poit policies and selectors were added.

[przysiadZeSztanga]

@MisterMX I saw that you did several reviews, could you have a look?

[kbujanecki-dt]

@MisterMX, thx you for the feedback. I implemented the requested changes.

CR for AccessPoint after changes:

kind: AccessPoint
metadata:
  name: access-point
spec:
  deletionPolicy: Delete
  forProvider:
    accountID: "123456789012"
    bucketName: example-bucket
    region: "eu-central-1"
    publicAccessBlockConfiguration:
      blockPublicACLs: true
      blockPublicPolicy: true
      ignorePublicACLs: true
      restrictPublicBuckets: true
    policy:
      statements:
        - notAction:
            - s3:DeleteBucket
          effect: Allow
          principal:
            awsPrincipals:
              - iamRoleArn: "arn:aws:iam::123456789012:role/sso/localRoleGitOpsArgoCDDeploy"
          resource:
            - "arn:aws:s3:eu-central-1:123456789012:accesspoint/access-point/object/*"
      version: 2012-10-17
    vpcConfiguration:
      vpcID: "vpc-1234567890123456"
  providerConfigRef:
    name: "example"

The structure for the access point policy body was copied from BucketPolicyBody.

[MisterMX]

@kbujanecki-dt thank you very much for your contribution. In order to avoid duplicate code it would be great if you could reuse the implementation from s3 which is already tested.

[MisterMX]

@kbujanecki-dt this looks good to me now. Thank you very much for your contribution! Can you please squash your changes into a single commit? Then I can merge it.

[kbujanecki-dt]

@kbujanecki-dt this looks good to me now. Thank you very much for your contribution! Can you please squash your changes into a single commit? Then I can merge it.

I squashed commits and pushed. On my fork I see a single commit but PR view looks unrefreshed (13 commits)
It looks ok now.
@MisterMX thank you for your time, really appreciate that. We are waiting for merge.

[MisterMX]

LGTM. Thank you very much for your contribution @kbujanecki-dt!