docs(s3): clarify encryption property's default behavior (#34034)

### Issue # (if applicable)

n/a

### Reason for this change

We found that the current description of `BucketProps.encryption` was not clear about what happens if it is undefined.

Since the `unencrypted` option is no longer available on the S3 side, this PR removes it completely from the description and explicitly states that S3_MANAGED is the default.

> Can I disable encryption for the new objects being written to my bucket?
No. SSE-S3 is the new base level of encryption that's applied to all the new objects being uploaded to your bucket. You can no longer disable encryption for new object uploads.
> https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-encryption-faq.html

### Description of changes



### Describe any new or updated permissions being added




### Description of how you validated changes



### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: tmokmss

packages/aws-cdk-lib/aws-s3/lib/bucket.ts

@@ -1639,8 +1639,7 @@ export interface BucketProps {
    * If you choose KMS, you can specify a KMS key via `encryptionKey`. If
    * encryption key is not specified, a key will automatically be created.
    *
-   * @default - `KMS` if `encryptionKey` is specified, or `UNENCRYPTED` otherwise.
-   * But if `UNENCRYPTED` is specified, the bucket will be encrypted as `S3_MANAGED` automatically.
+   * @default - `KMS` if `encryptionKey` is specified, or `S3_MANAGED` otherwise.
    */
   readonly encryption?: BucketEncryption;