fix(query): fix fp for s3_bucket_access_to_any_principal

[cx-andre-pereira]

Reason for Proposed Changes

• Currently the query s3_bucket_access_to_any_principal can only determine if a "Principal" has permissions "*" or "s3:*" from YAML files if it has no "!If" statements associated.
• With "!If" statements the flag will trigger every time due to lack of specific case handling . The query does not take into consideration the existence of If´s.
• The If structure is as follows : (YAML)

    - <CONDITION>
    - <THEN>
    - <ELSE>

• The values for <THEN> and <ELSE> require scanning that is currently inexistent. Either of these values can have meaningful policy statements for this query.

Proposed Changes

• Introduced two helper functions (handle_if_statements and handle_if_statement) to correctly traverse and extract valid policy statements from structures resulting from !If conditions.

• This improves the query’s accuracy by avoiding false positives when Principal is not actually "*" in resolved policy logic, and also guarantees the verifications of each and every meaningful object in the if statement be it a <THEN> or <ELSE> associated object.

originalPR

I submit this contribution under the Apache-2.0 license.

[cx-artur-ribeiro]

LGTM. We could improve the way the if statement is being handled by supporting this flow in the library instead of the function.
But since the scope of this PR is to only fix the query, we can add that as a later improment.

[cx-eduardo-semanas]

LGTM