feat(rest-api): SecurityPolicy & EndpointAccessMode support

[afa4]

Summary

• Add support for securityPolicy property under provider.apiGateway to configure TLS version on REST APIs
• Add support for endpointAccessMode property under provider.apiGateway to control API endpoint access mode (STRICT or BASIC)
• Add documentation for both new properties in docs/events/apigateway.md

Fixes #133

Example of usage:

provider:
  name: aws
  apiGateway:
    securityPolicy: SecurityPolicy_TLS13_2025_EDGE  # Recommended: Use TLS 1.2 or higher
    endpointAccessMode: STRICT

important notice:

both securityPolicy and endpointAccessMode configs are available only for AWS REST API Gateways, which are created when httpevents are used:

functions:
  testFunctionAwsRest:
    handler: index.handler
    events:
      - http:
          path: /test
          method: get

These properties have no effect if httpApi events are being used since this creates an AWS HTTP API (v2) in the CloudFormation stack:

# securityPolicy and endpointAccessMode configs wont have any effect because of httpApi event config
functions:
  testFunctionAwsHttp:
    handler: index.handler
    events:
      - httpApi:
          # ...

[mnapoli]

Could you cover this with tests?

[afa4]

Could you cover this with tests?

sure, wip

[afa4]

I had to fix some lint issues

[mnapoli]

This needs docs too, sorry I didn't spot that before. Have a look at other merged PRs to get an idea on what's needed to be merged.

[afa4]

This needs docs too, sorry I didn't spot that before. Have a look at other merged PRs to get an idea on what's needed to be merged.

No problem, I'll check everything to ensure the best release possible.

[afa4]

@mnapoli I think something is wrong with "Validate Windows" check. It's being running for 5 hours :s