feat(s3tables): make tableBucketName optional on TableBucket

[badmintoncryer]

Issue # (if applicable)

Closes #37747.

Reason for this change

@aws-cdk/aws-s3tables-alpha's TableBucket requires tableBucketName as a mandatory prop, which is inconsistent with aws-s3.Bucket and the majority of CDK L2 constructs where the resource name is optional. Forcing every caller to invent a globally-unique name is friction that does not exist for Bucket and other comparable resources.

Description of changes

• TableBucketProps.tableBucketName is now string? (optional). Existing code that passes tableBucketName is unaffected.
• When the user omits tableBucketName, the constructor generates a unique name via:

  Lazy.string({
    produce: () => Names.uniqueResourceName(this, {
      maxLength: 63,
      allowedSpecialCharacters: '-',
      separator: '-',
    }).toLowerCase(),
  })

  The result satisfies the S3 Tables naming rules (3-63 chars, lowercase letters / digits / hyphens, alphanumeric at start and end). Sample produced name from the new integ stack: autonamedteststack-autonamedbucket-ab3a2b45.
• The L1 CfnTableBucket now receives this.physicalName (instead of props.tableBucketName), so user-supplied and auto-generated paths are unified. This is the same pattern as aws-s3.Bucket (bucketName: this.physicalName).

Why Lazy.string + Names.uniqueResourceName and not PhysicalName.GENERATE_IF_NEEDED?

AWS::S3Tables::TableBucket requires TableBucketName per the CFN spec (see cdk.requiredValidator in the generated L1). PhysicalName.GENERATE_IF_NEEDED only triggers generatePhysicalName() for cross-environment references; for same-env usage it leaves the name as undefined, which fails L1 synthesis. We therefore need eager generation. The Lazy.string + Names.uniqueResourceName pattern is exactly what other L2s in this situation use:

L2	Source
aws-elasticloadbalancingv2.TrustStore	packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/trust-store.ts
aws-cloudfront.RealtimeLogConfig	packages/aws-cdk-lib/aws-cloudfront/lib/realtime-log-config.ts
aws-cloudfront.KeyValueStore	packages/aws-cdk-lib/aws-cloudfront/lib/key-value-store.ts

Describe any new or updated permissions being added

None.

Description of how you validated changes

Add both unit and integ tests.

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[github-actions]

⚠️ Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined.
This security report is NOT a review blocker. Please try merge from main to avoid findings unrelated to the PR.
To suppress a specific rule, see Suppressing Rules.

---

	Tests	Passed ✅	Skipped	Failed
Security Guardian Results	48 ran	48 passed

Test	Result
No test annotations available

• View Security Guardian Results

[github-actions]

⚠️ Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined.
This security report is NOT a review blocker. Please try merge from main to avoid findings unrelated to the PR.
To suppress a specific rule, see Suppressing Rules.

---

	Tests	Passed ✅	Skipped	Failed
Security Guardian Results with resolved templates	48 ran	48 passed

Test	Result
No test annotations available

• View Security Guardian Results with resolved templates