feat(eks): make kubectlLayer property required from optional (#32930)

### Issue
#33261

### Reason for this change

`aws-cdk-lib` has a very outdated version of kubectl layer as dependency https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/package.json#L123. It uses an outdated helm version which is involved in a CVE.

The dependency was added because if users do not provide a kubectl layer version for EKS cluster, it will use v20 as the default. CDK itself shouldn't use a specific version of kubectl layer as dependency.

To remove the dependency, `kubectlLayer` will become a required property instead of optional. The default version v20 is too old to work with current EKS supported version v24+. However, if you're not using the property, you will see an error saying it's a required property. Please uses a kubectl layer version that's compatible with your cluster.

### Description of changes

- Make the property required from options
- Update unit tests and integration tests
- Remove the dependency of `"@aws-cdk/asset-kubectl-v20": "^2.1.3"`

### Describe any new or updated permissions being added




### Description of how you validated changes

unit tests/integration tests

### Checklist
- [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

BREAKING CHANGE: `kubectlLayer` property is now required in EKS `Cluster` and `FargateCluster` constructs. The default value for `kubectlLayer` is outdated and hence being removed. You can specify your own kubectlLayer version based on your Kubernetes version.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: xazhao

allowed-breaking-changes.txt

@@ -951,3 +951,8 @@ changed-type:aws-cdk-lib.cx_api.CloudFormationStackArtifact.notificationArns
 # See: https://github.com/cdklabs/cloud-assembly-schema/pull/121
 weakened:aws-cdk-lib.cloud_assembly_schema.MetadataEntry
 weakened:aws-cdk-lib.cx_api.MetadataEntryResult
+
+# Making kubectlLayer prop required from optional so we can remove the outdated kubectl layer dependency
+strengthened:aws-cdk-lib.aws_eks.ClusterProps
+strengthened:aws-cdk-lib.aws_eks.FargateClusterProps
+removed:aws-cdk-lib.lambda_layer_kubectl.KubectlLayer

packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/eks/integ.call.js.snapshot/asset.fba306965da4b2680dd8b4e6916610efe237162f913f22b10146f647b3f6bce4/apply/__init__.py renamed to packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/eks/integ.call.js.snapshot/asset.024d0b8c5d7cf69ece484efe22f1647e273f484175ef3b79df543b7538da9c81/apply/__init__.py

@@ -1,5 +1,18 @@
 {
  "Resources": {
+  "KubectlLayer600207B5": {
+   "Type": "AWS::Lambda::LayerVersion",
+   "Properties": {
+    "Content": {
+     "S3Bucket": {
+      "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
+     },
+     "S3Key": "f3c812b299b0759c937b41e39d3451f5cc61279c2ec9ee791fac08ba1e56508b.zip"
+    },
+    "Description": "/opt/kubectl/kubectl 1.31.0; /opt/helm/helm 3.16.1",
+    "LicenseInfo": "Apache-2.0"
+   }
+  },
   "EksClusterDefaultVpcB24550B2": {
    "Type": "AWS::EC2::VPC",
    "Properties": {
@@ -1069,7 +1082,7 @@
        {
         "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
        },
-       "/a54913636fe5b4da7d6688df19d4289671bfa613357330c6d2763bdc348bff70.json"
+       "/9872b5bbc2472c123eca8992b3a909e809b086ffec9316c0e03569748114e0e2.json"
       ]
      ]
     }
@@ -1081,6 +1094,9 @@
    "Type": "AWS::CloudFormation::Stack",
    "Properties": {
     "Parameters": {
+     "referencetoawsstepfunctionstasksekscallintegtestKubectlLayer0B270356Ref": {
+      "Ref": "KubectlLayer600207B5"
+     },
      "referencetoawsstepfunctionstasksekscallintegtestEksClusterKubectlHandlerRole61616EA6Arn": {
       "Fn::GetAtt": [
        "EksClusterKubectlHandlerRole4A986A70",
@@ -1116,7 +1132,7 @@
        {
         "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
        },
-       "/6d51c8786511521af8e6837a57a53ed89e15e44471b6c7807fb35b537f5cd77e.json"
+       "/09fe4c7b9e1c434bd66530aea32cf40f7d4055de2ddbcd0273c5e1300b22a277.json"
       ]
      ]
     }

packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emrcontainers/integ.job-submission-workflow.js.snapshot/asset.fba306965da4b2680dd8b4e6916610efe237162f913f22b10146f647b3f6bce4/get/__init__.py renamed to packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/eks/integ.call.js.snapshot/asset.024d0b8c5d7cf69ece484efe22f1647e273f484175ef3b79df543b7538da9c81/get/__init__.py

@@ -50,7 +50,7 @@
      "S3Bucket": {
       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
      },
-     "S3Key": "818f9976c0b6e85dd2696d24402c2a177fb2c520d779e1925160a62523c4f20a.zip"
+     "S3Key": "aea9e78c19375cc11788e490fdd0d8d90a99fc5509f3ade872bff74980f89265.zip"
     },
     "Description": "onEvent handler for EKS cluster resource provider",
     "Environment": {
@@ -123,7 +123,7 @@
      "S3Bucket": {
       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
      },
-     "S3Key": "818f9976c0b6e85dd2696d24402c2a177fb2c520d779e1925160a62523c4f20a.zip"
+     "S3Key": "aea9e78c19375cc11788e490fdd0d8d90a99fc5509f3ade872bff74980f89265.zip"
     },
     "Description": "isComplete handler for EKS cluster resource provider",
     "Environment": {

packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/eks/integ.call.js.snapshot/asset.fba306965da4b2680dd8b4e6916610efe237162f913f22b10146f647b3f6bce4/helm/__init__.py renamed to packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/eks/integ.call.js.snapshot/asset.024d0b8c5d7cf69ece484efe22f1647e273f484175ef3b79df543b7538da9c81/helm/__init__.py

@@ -7,7 +7,7 @@
      "S3Bucket": {
       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
      },
-     "S3Key": "fba306965da4b2680dd8b4e6916610efe237162f913f22b10146f647b3f6bce4.zip"
+     "S3Key": "024d0b8c5d7cf69ece484efe22f1647e273f484175ef3b79df543b7538da9c81.zip"
     },
     "Description": "onEvent handler for EKS kubectl resource provider",
     "Environment": {
@@ -21,7 +21,7 @@
       "Ref": "AwsCliLayerF44AAF94"
      },
      {
-      "Ref": "KubectlLayer600207B5"
+      "Ref": "referencetoawsstepfunctionstasksekscallintegtestKubectlLayer0B270356Ref"
      }
     ],
     "MemorySize": 1024,
@@ -59,18 +59,6 @@
     "Description": "/opt/awscli/aws"
    }
   },
-  "KubectlLayer600207B5": {
-   "Type": "AWS::Lambda::LayerVersion",
-   "Properties": {
-    "Content": {
-     "S3Bucket": {
-      "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
-     },
-     "S3Key": "e35d06c04a5f086530cad7876451b9fbd93ded1d4940950bb104fb78dd322310.zip"
-    },
-    "Description": "/opt/kubectl/kubectl and /opt/helm/helm"
-   }
-  },
   "ProviderframeworkonEventServiceRole9FF04296": {
    "Type": "AWS::IAM::Role",
    "Properties": {
@@ -360,6 +348,9 @@
   }
  },
  "Parameters": {
+  "referencetoawsstepfunctionstasksekscallintegtestKubectlLayer0B270356Ref": {
+   "Type": "String"
+  },
   "referencetoawsstepfunctionstasksekscallintegtestEksClusterKubectlHandlerRole61616EA6Arn": {
    "Type": "String"
   },