feat(stepfunctions): add JSONata expression support for TaskRole

[t3yamoto]

Issue # (if applicable)

N/A

Reason for this change

The TaskRole class currently supports JSONPath expressions for dynamic role ARN resolution, but does not support JSONata expressions. With the introduction of JSONata support in Step Functions, users should be able to use JSONata expressions for TaskRole credentials as well, providing consistency with other Step Functions features that support both JSONPath and JSONata.

Description of changes

• Added fromRoleArnJsonata() static method to the TaskRole class that accepts JSONata expressions
• Implemented JsonataExpressionTaskRole class with proper JSONata expression validation

The implementation follows the same pattern as the existing JSONPath support, ensuring consistency in the API design. JSONata expressions are validated to ensure they follow the correct {% ... %} syntax.

Describe any new or updated permissions being added

None.

Description of how you validated changes

• Added comprehensive unit tests for the new JSONata functionality in packages/aws-cdk-lib/aws-stepfunctions/test/task-credentials.test.ts covering:
  • Valid JSONata expression handling
  • Invalid expression validation and error throwing
  • Correct roleArn and resource resolution
• Added integration tests to verify JSONata TaskRole works in actual Step Functions state machines in packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions/test/integ.state-machine-credentials.ts that:
  • Creates a state machine with JSONata TaskRole credentials
  • Verifies the state machine deploys successfully with ACTIVE status
• Verified existing JSONPath functionality remains unaffected

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license