Update CloudTrail validate-logs for full key query range

[IanLeeYT]

Issue #, if available:
N/A
Description of changes:
There exists an edge case in the CloudTrail validate-logs command where the script fails to query all CloudTrail public keys to validate the digest signature. It can happen when the command end time lands right after the rotation instant. Fix is to add a two hour buffer period.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.40%. Comparing base (c4681b5) to head (a373c3f).
⚠️ Report is 137 commits behind head on develop.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop   #10072      +/-   ##
===========================================
+ Coverage    93.39%   93.40%   +0.01%     
===========================================
  Files          210      210              
  Lines        17052    17139      +87     
===========================================
+ Hits         15925    16009      +84     
- Misses        1127     1130       +3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[AndrewAsseily]

Thanks Ian! Looks good. Could you just add a changelog entry, here as well? Also something like:

'''
{
"category": "cloudtrail",
"description": "Fixed edge case in validate-logs where digest validation could fail with "public key not found" when the end time lands near a key rotation boundary",
"type": "bugfix"
}
'''

[AndrewAsseily]

🚢