feat(rds): support configuring secret rotation behavior via rotateImmediatelyOnUpdate prop (#26329)

This PR supports allowing users to configure the default secret rotation behavior of AWS Secrets Manager. By default, AWS Secrets Manager will rotate the secret immediately. Setting `rotateImmediatelyOnUpdate` to `false` will force AWS Secrets Manager to wait until the next scheduled rotation window which is specified via the `automaticallyAfter` property.

Closes #26099

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: colifran

packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-rds-cluster-rotation.assets.json

@@ -1,15 +1,15 @@
 {
-  "version": "31.0.0",
+  "version": "32.0.0",
   "files": {
-    "a633d33a056f9a9a775353c3902b2da4fa8318b43707e565b45a591da0888305": {
+    "c62036466c88b9e1cc7a3ba34aa9d9be5ec760159fac241679198e1e98655fea": {
       "source": {
         "path": "aws-cdk-rds-cluster-rotation.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "a633d33a056f9a9a775353c3902b2da4fa8318b43707e565b45a591da0888305.json",
+          "objectKey": "c62036466c88b9e1cc7a3ba34aa9d9be5ec760159fac241679198e1e98655fea.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }

packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-rds-cluster-rotation.template.json

@@ -915,6 +915,7 @@
     "SecretId": {
      "Ref": "CustomRotationOptionsSecretAttachment697A23BF"
     },
+    "RotateImmediatelyOnUpdate": false,
     "RotationLambdaARN": {
      "Fn::GetAtt": [
       "CustomRotationOptionsRotationSingleUserC555446F",

packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/cdk.out

@@ -1 +1 @@
-{"version":"31.0.0"}
+{"version":"32.0.0"}

packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/integ.json

@@ -1,5 +1,5 @@
 {
-  "version": "31.0.0",
+  "version": "32.0.0",
   "testCases": {
     "integ.cluster-rotation.lit": {
       "stacks": [

packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/manifest.json

@@ -1,5 +1,5 @@
 {
-  "version": "31.0.0",
+  "version": "32.0.0",
   "artifacts": {
     "aws-cdk-rds-cluster-rotation.assets": {
       "type": "cdk:asset-manifest",
@@ -17,7 +17,7 @@
         "validateOnSynth": false,
         "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
         "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
-        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/a633d33a056f9a9a775353c3902b2da4fa8318b43707e565b45a591da0888305.json",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/c62036466c88b9e1cc7a3ba34aa9d9be5ec760159fac241679198e1e98655fea.json",
         "requiresBootstrapStackVersion": 6,
         "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
         "additionalDependencies": [
@@ -234,28 +234,19 @@
         "/aws-cdk-rds-cluster-rotation/Database/Resource": [
           {
             "type": "aws:cdk:logicalId",
-            "data": "DatabaseB269D8BB",
-            "trace": [
-              "!!DESTRUCTIVE_CHANGES: MAY_REPLACE"
-            ]
+            "data": "DatabaseB269D8BB"
           }
         ],
         "/aws-cdk-rds-cluster-rotation/Database/Instance1": [
           {
             "type": "aws:cdk:logicalId",
-            "data": "DatabaseInstance1844F58FD",
-            "trace": [
-              "!!DESTRUCTIVE_CHANGES: MAY_REPLACE"
-            ]
+            "data": "DatabaseInstance1844F58FD"
           }
         ],
         "/aws-cdk-rds-cluster-rotation/Database/Instance2": [
           {
             "type": "aws:cdk:logicalId",
-            "data": "DatabaseInstance2AA380DEE",
-            "trace": [
-              "!!DESTRUCTIVE_CHANGES: MAY_REPLACE"
-            ]
+            "data": "DatabaseInstance2AA380DEE"
           }
         ],
         "/aws-cdk-rds-cluster-rotation/Database/RotationSingleUser/SecurityGroup/Resource": [
@@ -321,28 +312,19 @@
         "/aws-cdk-rds-cluster-rotation/CustomRotationOptions/Resource": [
           {
             "type": "aws:cdk:logicalId",
-            "data": "CustomRotationOptions7CA9E132",
-            "trace": [
-              "!!DESTRUCTIVE_CHANGES: MAY_REPLACE"
-            ]
+            "data": "CustomRotationOptions7CA9E132"
           }
         ],
         "/aws-cdk-rds-cluster-rotation/CustomRotationOptions/Instance1": [
           {
             "type": "aws:cdk:logicalId",
-            "data": "CustomRotationOptionsInstance1D693E87C",
-            "trace": [
-              "!!DESTRUCTIVE_CHANGES: MAY_REPLACE"
-            ]
+            "data": "CustomRotationOptionsInstance1D693E87C"
           }
         ],
         "/aws-cdk-rds-cluster-rotation/CustomRotationOptions/Instance2": [
           {
             "type": "aws:cdk:logicalId",
-            "data": "CustomRotationOptionsInstance2A21FADD8",
-            "trace": [
-              "!!DESTRUCTIVE_CHANGES: MAY_REPLACE"
-            ]
+            "data": "CustomRotationOptionsInstance2A21FADD8"
           }
         ],
         "/aws-cdk-rds-cluster-rotation/CustomRotationOptions/RotationSingleUser/SARMapping": [