feat: Added s3 vpc gateway endpoint

[adv4000]

Description of changes:

Added S3 Gateway Endpoint for Private access to/from S3, also cost saving.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[JiaDe-Wu]

Hi @adv4000, thanks for the contribution! The S3 Gateway Endpoint idea is genuinely valuable — it's free, improves security, and keeps S3 traffic on the AWS private network.

However, we'd like to revisit the design before merging:

S3 Endpoint should be tied to S3 plugin opt-in, not CreateVPCEndpoints
Our design principle for this template is: infrastructure is only created when the user has opted into the feature that needs it. The S3 Gateway Endpoint is only meaningful if the user has chosen to install the S3 plugin. Bundling it with
CreateVPCEndpoints creates infrastructure for a feature the user may never use.

The right approach would be a dedicated parameter (e.g. EnableS3Plugin: true/false) that, when enabled, does both things
together:
1. Creates the S3 Gateway Endpoint
2. Installs the S3 plugin during setup

Please revert the KeyPairName type change
Changing Type: String to Type: AWS::EC2::KeyPair::KeyName causes deployment failures — CloudFormation validates that the value is an existing key pair, so the default "none" is rejected. Please revert this change across all files.
We'd love to get a revised version of this merged — the S3 Endpoint + plugin pairing is a solid feature. Happy to answer any questions on the design. Thanks again!