revert: "chore(cloudfront): encryption and enforceSSL on distribution s3 loggingBucket (#18264)" (#18772)

#18271 resulted in the definition of a new bucket policy, which broke existing users that already had an implicit bucket policy created by AWS (see [docs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3)).

Reverts commit ad7374a in the meantime until we figure out the longer term solution.

Fixes #18676

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: Elad Ben-Israel

Diff for: packages/@aws-cdk/aws-cloudfront/lib/distribution.ts

@@ -430,10 +430,7 @@ export class Distribution extends Resource implements IDistribution {
       throw new Error('Explicitly disabled logging but provided a logging bucket.');
     }
 
-    const bucket = props.logBucket ?? new s3.Bucket(this, 'LoggingBucket', {
-      encryption: s3.BucketEncryption.S3_MANAGED,
-      enforceSSL: true,
-    });
+    const bucket = props.logBucket ?? new s3.Bucket(this, 'LoggingBucket');
     return {
       bucket: bucket.bucketRegionalDomainName,
       includeCookies: props.logIncludesCookies,

Diff for: packages/@aws-cdk/aws-cloudfront/lib/web-distribution.ts

@@ -954,10 +954,7 @@ export class CloudFrontWebDistribution extends cdk.Resource implements IDistribu
     }
 
     if (props.loggingConfig) {
-      this.loggingBucket = props.loggingConfig.bucket || new s3.Bucket(this, 'LoggingBucket', {
-        encryption: s3.BucketEncryption.S3_MANAGED,
-        enforceSSL: true,
-      });
+      this.loggingBucket = props.loggingConfig.bucket || new s3.Bucket(this, 'LoggingBucket');
       distributionConfig = {
         ...distributionConfig,
         logging: {

Diff for: packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-bucket-logging.expected.json

@@ -75,67 +75,9 @@
     },
     "AnAmazingWebsiteProbably2LoggingBucket222F7CE9": {
       "Type": "AWS::S3::Bucket",
-      "Properties": {
-        "BucketEncryption": {
-          "ServerSideEncryptionConfiguration": [
-            {
-              "ServerSideEncryptionByDefault": {
-                "SSEAlgorithm": "AES256"
-              }
-            }
-          ]
-        }
-      },
       "UpdateReplacePolicy": "Retain",
       "DeletionPolicy": "Retain"
     },
-    "AnAmazingWebsiteProbably2LoggingBucketPolicyE298B456": {
-      "Type": "AWS::S3::BucketPolicy",
-      "Properties": {
-        "Bucket": {
-          "Ref": "AnAmazingWebsiteProbably2LoggingBucket222F7CE9"
-        },
-        "PolicyDocument": {
-          "Statement": [
-            {
-              "Action": "s3:*",
-              "Condition": {
-                "Bool": {
-                  "aws:SecureTransport": "false"
-                }
-              },
-              "Effect": "Deny",
-              "Principal": {
-                "AWS": "*"
-              },
-              "Resource": [
-                {
-                  "Fn::GetAtt": [
-                    "AnAmazingWebsiteProbably2LoggingBucket222F7CE9",
-                    "Arn"
-                  ]
-                },
-                {
-                  "Fn::Join": [
-                    "",
-                    [
-                      {
-                        "Fn::GetAtt": [
-                          "AnAmazingWebsiteProbably2LoggingBucket222F7CE9",
-                          "Arn"
-                        ]
-                      },
-                      "/*"
-                    ]
-                  ]
-                }
-              ]
-            }
-          ],
-          "Version": "2012-10-17"
-        }
-      }
-    },
     "AnAmazingWebsiteProbably2CFDistribution7C1CCD12": {
       "Type": "AWS::CloudFront::Distribution",
       "Properties": {

Diff for: packages/@aws-cdk/aws-cloudfront/test/integ.distribution-extensive.expected.json

@@ -2,67 +2,9 @@
   "Resources": {
     "MyDistLoggingBucket9B8976BC": {
       "Type": "AWS::S3::Bucket",
-      "Properties": {
-        "BucketEncryption": {
-          "ServerSideEncryptionConfiguration": [
-            {
-              "ServerSideEncryptionByDefault": {
-                "SSEAlgorithm": "AES256"
-              }
-            }
-          ]
-        }
-      },
       "UpdateReplacePolicy": "Retain",
       "DeletionPolicy": "Retain"
     },
-    "MyDistLoggingBucketPolicy847D8D11": {
-      "Type": "AWS::S3::BucketPolicy",
-      "Properties": {
-        "Bucket": {
-          "Ref": "MyDistLoggingBucket9B8976BC"
-        },
-        "PolicyDocument": {
-          "Statement": [
-            {
-              "Action": "s3:*",
-              "Condition": {
-                "Bool": {
-                  "aws:SecureTransport": "false"
-                }
-              },
-              "Effect": "Deny",
-              "Principal": {
-                "AWS": "*"
-              },
-              "Resource": [
-                {
-                  "Fn::GetAtt": [
-                    "MyDistLoggingBucket9B8976BC",
-                    "Arn"
-                  ]
-                },
-                {
-                  "Fn::Join": [
-                    "",
-                    [
-                      {
-                        "Fn::GetAtt": [
-                          "MyDistLoggingBucket9B8976BC",
-                          "Arn"
-                        ]
-                      },
-                      "/*"
-                    ]
-                  ]
-                }
-              ]
-            }
-          ],
-          "Version": "2012-10-17"
-        }
-      }
-    },
     "MyDistDB88FD9A": {
       "Type": "AWS::CloudFront::Distribution",
       "Properties": {