fix(aws): Cloudfront control fails for specific configuration (#4735)

#### Summary

<!--
Explain what problem this PR addresses
-->

<!--

plugins/source/aws/policies/queries/cloudfront/viewer_policy_https.sql

@@ -1,3 +1,11 @@
+with cachebeviors as (
+	-- Handle all non defaults as well as when there is only a default route
+	select distinct arn, account_id from (select arn,account_id, d as CacheBehavior from aws_cloudfront_distributions, jsonb_array_elements(distribution_config->'CacheBehaviors'->'Items') as d where distribution_config->'CacheBehaviors'->'Items' != 'null' 
+	union 
+	-- 	Handle default Cachebehaviors
+	select arn,account_id, distribution_config->'DefaultCacheBehavior' as CacheBehavior from aws_cloudfront_distributions) as cachebeviors where CacheBehavior->>'ViewerProtocolPolicy' = 'allow-all'
+)
+
 insert into aws_policy_results
 select
     :'execution_time' as execution_time,
@@ -6,10 +14,5 @@ select
     'CloudFront distributions should require encryption in transit' as title,
     account_id,
     arn as resource_id,
-    case
-        when d->>'ViewerProtocolPolicy' is not null
-            or d->>'ViewerProtocolPolicy' = 'allow-all' then 'fail'
-        else 'pass'
-    end as status
-from aws_cloudfront_distributions
-left join jsonb_array_elements(distribution_config->'CacheBehaviors'->'Items') as d on d->>'ViewerProtocolPolicy' = 'allow-all'
+    'fail' as status
+from cachebeviors