Detect unencrypted S3 buckets and include in health reporting

[Saurabhtbj1201]

This PR adds a new real AWS check to the S3 bundle: detect buckets missing default encryption.
It also wires the check into both SLI metric generation and runbook issue triage.

Type Of Change

• New AWS check in an existing bundle
• New codebundle
• Bug fix
• Documentation update
• Test or validation update

What Changed

• Added a new policy for unencrypted buckets:
  codebundles/aws-c7n-s3-health/s3-unencrypted-buckets.yaml
• Updated SLI flow:
  codebundles/aws-c7n-s3-health/sli.robot
• SLI now Runs public bucket check
  Runs unencrypted bucket check
  Pushes combined unhealthy bucket metric
• Updated runbook flow:
  codebundles/aws-c7n-s3-health/runbook.robot
• Adds issue generation for buckets missing default encryption
• Keeps issue details/remediation aligned with existing bundle style
• Updated bundle README:
  codebundles/aws-c7n-s3-health/README.md
• Included contributor-readiness docs:
  README.md
  CONTRIBUTING.md
  .github/pull_request_template.md

Validation

• Verified no diagnostics errors in updated S3 policy/robot/readme files.
• Functional execution against AWS account not performed in this PR context.

Contributor Checklist

1. No secrets or credentials committed
2. Change scoped to existing bundle behavior
3. New check documented
4. Runbook issue text includes actionable next steps.