feat(iam): CompositePrincipal and allow multiple principal types

[eladb]

Relax constraint on IAM policy statement principals such
that multiple principal types can be used in a statement.

Also, the CompositePrincipal class can be use to construct
PolicyPrincipals that consist of multiple principal types
and conditions.

Backfill missing addXxxPrincipal methods.

Deprecate (soft) Anyone in favor of AnyPrincipal.

Fixes #1201

---

Pull Request Checklist

Please check all boxes, including N/A items:

Testing

• Unit test and/or integration test added
• Toolkit change?: integration tests manually executed (paste output to the PR description)
• Init template change?: coordinated update of integration tests (currently maintained in a private repo).

Documentation

• README: README and/or documentation topic updated
• jsdocs: All public APIs documented

Title and description

• Change type: Title is prefixed with change type:
  • fix(module): <title> bug fix (patch)
  • feat(module): <title> feature/capability (minor)
  • chore(module): <title> won't appear in changelog
  • build(module): <title> won't appear in changelog
• Title format: Title uses lower case and doesn't end with a period
• Breaking change?: Last paragraph of description is: BREAKING CHANGE: <describe exactly what changed and how to achieve similar behavior + link to documentation/gist/issue if more details are required>
• References: Indicate issues fixed via: Fixes #xxx or Closes #xxx

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license.

[eladb]

@rix0rrr I need you to also take a look (IAM library...)

Cannot merge Conditions

[mergify]

Thanks so much for taking the time to contribute to the AWS CDK ❤️

We will shortly assign someone to review this pull request and help get it
merged. In the meantime, please take a minute to make sure you follow this
checklist:

• PR title type(scope): text
  • type: fix, feat, refactor go into CHANGELOG, chore is hidden
  • scope: name of module without aws- or cdk- prefix or postfix (e.g. s3 instead of aws-s3-deployment)
  • text: use all lower-case, do not end with a period, do not include issue refs
• PR Description
  • Rationale: describe rationale of change and approach taken
  • Issues: indicate issues fixed via: fixes #xxx or closes #xxx
  • Breaking?: last paragraph: BREAKING CHANGE: <describe what changed + link for details>
• Testing
  • Unit test added. Prefer to add a new test rather than modify existing tests
  • CLI or init templates change? Re-run/add CLI integration tests
• Documentation
  • README: update module README to describe new features
  • API docs: public APIs must be documented. Copy from official AWS docs when possible
  • Design: for significant features, follow design process