Allow `aws_s3_bucket_policy` to be optionally applied or take on additional external policies

[guangie88]

Is your feature request related to a problem? Please describe.

Currently if an external user wishes to add additional bucket policies to the audit + access log buckets under this module, the only way is to set var.use_external_audit_log_bucket to true, which then disables most of the conveniences and requires the user to copy out the changes from this module to the external site.

This is because resource aws_s3_bucket_policy doesn't allow multiple parts applied at different times and sources, and only the last applied one takes full precedence.

Describe the solution you'd like

Allow variables to include flags to disable creating "aws_s3_bucket_policy" "audit_log"and/orresource "aws_s3_bucket_policy" "access_log_policy". And provide their respective policies as output` for external caller to use instead.

Describe alternatives you've considered

Allow optional additional policy JSON to be passed in for resource "aws_s3_bucket_policy" "audit_log" and/or resource "aws_s3_bucket_policy" "access_log_policy" to be incorporated.

The alternative is good that the module always get to ensure the baseline bucket policy is enforced, though bad being the external caller has lesser flexibility to finally create resource "aws_s3_bucket_policy" at the most appropriate juncture.

Additional context

Nil