feat(codebuild): add CodeConnections auth support for GitHub source

[lvthillo]

Issue # (if applicable)

Closes #31236
Closes #31726

Reason for this change

Add CodeConnections auth support for GitHub source

Description of changes

Adds a connectionArn property to GitHubSourceProps that allows configuring CodeConnections (GitHub App) authentication for CodeBuild GitHub sources.

Describe any new or updated permissions being added

When connectionArn is provided, codeconnections:UseConnection is granted to the project role, scoped to the specific connection ARN.

Description of how you validated changes

• GitHub source with CodeConnections auth (repo-level)
• Organizational webhook with CodeConnections auth
• IAM permission grant verification
• Absence of auth when connectionArn is not provided

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[aws-cdk-automation]

(This review is outdated)

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

[github-actions]

⚠️ Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined.
This security report is NOT a review blocker. Please try merge from main to avoid findings unrelated to the PR.

---

	Tests	Passed ✅	Skipped	Failed
Security Guardian Results	24 ran	24 passed

Test	Result
No test annotations available

• View Security Guardian Results

[github-actions]

⚠️ Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined.
This security report is NOT a review blocker. Please try merge from main to avoid findings unrelated to the PR.

---

	Tests	Passed ✅	Skipped	Failed
Security Guardian Results with resolved templates	24 ran	24 passed

Test	Result
No test annotations available

• View Security Guardian Results with resolved templates

[lvthillo]

I'm unable to run the integration test with a real deployment as it requires an authorized CodeConnections connection.
The integ test file is included but has no snapshot. Could a maintainer please run the integration test to generate the snapshot?

[aws-cdk-automation]

The pull request linter fails with the following errors:

❌ Features must contain a change to an integration test file and the resulting snapshot.

If you believe this pull request should receive an exemption, please comment and provide a justification. A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed, add Clarification Request to a comment.