
fix(terraform): scope CloudWatch S3 policy alarm query #8055

Open
omribz156 wants to merge 1 commit into Checkmarx:master from omribz156:codex/cloudwatch-s3-policy-filter-scope

Conversation

@omribz156

Closes #8045

Reason for Proposed Changes

  • The CloudWatch S3 policy change alarm query was evaluating every aws_cloudwatch_log_metric_filter pattern, so unrelated filters such as [MYTEXT] were reported as wrong S3 policy-change filters.

Proposed Changes

  • Scope both query branches to metric filters whose pattern references s3.amazonaws.com.
  • Add a negative Terraform sample for the reported [MYTEXT] custom metric filter case.
  • Remove the unrelated MFA console sign-in filter findings from the expected positive results.

Verification

  • go run ./cmd/console scan -p <query test dir> -q <repo>/assets/queries -b <repo>/assets/libraries -i 27c6a499-895a-4dc7-9617-5c485218db13 --no-progress --ignore-on-exit all --report-formats json --silent
  • git diff --check

Note: I also tried the focused query harness with go test ./test -run 'TestQueries/terraform/aws/cloudwatch_s3_policy_change_alarm_missing' -count=1, but it did not finish within a 5 minute local timeout on Windows.

I submit this contribution under the Apache-2.0 license.

This was implemented with Codex assistance, with the patch kept focused and manually reviewed.
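The scoping described above can be modelled outside of Rego to see why the change removes the false positive. The following Python script is an added illustration, not the KICS query touched by this pull request: it first restricts evaluation to aws_cloudwatch_log_metric_filter patterns that reference s3.amazonaws.com, then checks only those for the S3 policy-change events. The list of expected event names is an assumption of this example taken from the CIS AWS Foundations Benchmark control for S3 bucket policy changes; the pull request does not state which events the real query requires. The sample filter patterns, including the reported [MYTEXT] case, are constructed for the example.

```python
"""Scoped vs. unscoped evaluation of S3 policy-change metric filters.

Added illustration, not the KICS query from the pull request. It models the
behaviour the PR describes: only CloudWatch Logs metric filter patterns that
reference s3.amazonaws.com are evaluated as S3 policy-change filters, so an
unrelated custom pattern such as [MYTEXT] is skipped instead of reported.
"""
import re

S3_EVENT_SOURCE = "s3.amazonaws.com"

# Assumption: the event names the CIS AWS Foundations Benchmark lists for the
# "S3 bucket policy changes" alarm. The real query's list may differ.
EXPECTED_EVENTS = {
    "PutBucketAcl", "PutBucketPolicy", "PutBucketCors", "PutBucketLifecycle",
    "PutBucketReplication", "DeleteBucketPolicy", "DeleteBucketCors",
    "DeleteBucketLifecycle", "DeleteBucketReplication",
}

# Matches "$.eventName = SomeEvent" clauses in a CloudWatch Logs filter pattern.
EVENT_NAME_RE = re.compile(r"\$\.eventName\s*=\s*(\w+)")


def is_s3_scoped(pattern: str) -> bool:
    """True if the filter pattern references the S3 event source at all."""
    return S3_EVENT_SOURCE in pattern


def missing_s3_events(pattern: str) -> list:
    """Expected S3 policy-change events that the pattern does not match."""
    found = set(EVENT_NAME_RE.findall(pattern))
    return sorted(EXPECTED_EVENTS - found)


def evaluate_filters(filters: dict, scoped: bool = True) -> dict:
    """Return {filter_name: missing_events} for filters judged incomplete.

    scoped=True  -> behaviour after the fix: only S3-scoped patterns are checked.
    scoped=False -> behaviour before the fix: every pattern is checked, so any
                    filter not about S3 shows up as a wrong S3 policy filter.
    """
    findings = {}
    for name, pattern in filters.items():
        if scoped and not is_s3_scoped(pattern):
            continue  # unrelated filter, not our concern
        missing = missing_s3_events(pattern)
        if missing:
            findings[name] = missing
    return findings


def cis_s3_pattern(events) -> str:
    """Build a CIS-style filter pattern for the given S3 event names."""
    clauses = " || ".join(f"($.eventName = {e})" for e in events)
    return f"{{ ($.eventSource = {S3_EVENT_SOURCE}) && ({clauses}) }}"


# Constructed sample filter patterns (name -> pattern), mirroring the cases
# the pull request discusses: a custom text filter, a complete and a partial
# S3 policy filter, and an MFA console sign-in filter.
SAMPLE_FILTERS = {
    "custom_text": "[MYTEXT]",
    "s3_policy_complete": cis_s3_pattern(sorted(EXPECTED_EVENTS)),
    "s3_policy_partial": cis_s3_pattern(["PutBucketPolicy", "DeleteBucketPolicy"]),
    "mfa_console": "{ ($.eventName = ConsoleLogin) && ($.additionalEventData.MFAUsed != Yes) }",
}


if __name__ == "__main__":
    print("before fix:", sorted(evaluate_filters(SAMPLE_FILTERS, scoped=False)))
    print("after fix: ", evaluate_filters(SAMPLE_FILTERS))
```

With scoping off, the custom [MYTEXT] filter and the MFA console filter are both reported as incomplete S3 policy filters, which is exactly the false positive from the linked issue; with scoping on, only the genuinely partial S3 filter is reported.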


Successfully merging this pull request may close these issues.

bug(terraform): CloudWatch S3 policy Change Alarm Missing - False positive
