fix: show diff when requesting approval for any-change

[mrgrain]

When --require-approval is set to any-change, the deploy confirmation prompt only included the security diff in its message. Since non-security changes don't produce a security diff, users were asked to approve changes without being able to see what those changes are. This makes the approval step useless because a human cannot make an informed decision without seeing the diff.

The fix ensures that when there are no security-related changes, the full stack diff is shown instead. When there are security changes, the behavior remains unchanged and the security diff is displayed as before. The motivation text in the prompt has also been updated to accurately reflect whether the approval is for security-sensitive changes or general changes.

This is fixed in both the CLI (aws-cdk) and the programmatic toolkit (toolkit-lib), which had slightly different but equally broken implementations.

Checklist

• This change contains a major version upgrade for a dependency and I confirm all breaking changes are addressed
  • Release notes for the new version:

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[codecov-commenter]

Codecov Report

❌ Patch coverage is 75.00000% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 87.92%. Comparing base (5d2e5d1) to head (ddb9bfc).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
packages/aws-cdk/lib/cli/cdk-toolkit.ts	71.42%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1255      +/-   ##
==========================================
- Coverage   87.92%   87.92%   -0.01%     
==========================================
  Files          73       73              
  Lines       10331    10333       +2     
  Branches     1394     1395       +1     
==========================================
+ Hits         9084     9085       +1     
- Misses       1221     1222       +1     
  Partials       26       26              

Flag	Coverage Δ
suite.unit	87.92% <75.00%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.