chore(s3): ensure Lambda size doesn't grow too large (aws#18660)

In aws#18150, a change was merged that blew up the size of the inline
Lambda beyond its limit of 4096 characters. This change was not
detected because the Lambda constructs being used there didn't use
the regular `aws-lambda` module, but escape hatches that bypass
the regular validation (released in 1.139.0, 2.8.0).

Because this effectively broke S3 notifications, it was rolled back
in aws#18507 (released in 1.140.0, not yet released in 2.x line).

In this PR, add validation to make sure an event like this doesn't
happen again. This will be relevant for aws#18614.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

packages/@aws-cdk/aws-s3/lib/notifications-resource/notifications-resource-handler.ts

@@ -84,11 +84,17 @@ export class NotificationsResourceHandler extends Construct {
         return properties;
       }
     }
+
+    const handlerSource = fs.readFileSync(path.join(__dirname, 'lambda/index.py'), 'utf8');
+    if (handlerSource.length > 4096) {
+      throw new Error(`Source of Notifications Resource Handler is too large (${handlerSource.length} > 4096)`);
+    }
+
     const resource = new InLineLambda(this, 'Resource', {
       type: resourceType,
       properties: {
         Description: 'AWS CloudFormation handler for "Custom::S3BucketNotifications" resources (@aws-cdk/aws-s3)',
-        Code: { ZipFile: fs.readFileSync(path.join(__dirname, 'lambda/index.py'), 'utf8') },
+        Code: { ZipFile: handlerSource },
         Handler: 'index.handler',
         Role: this.role.roleArn,
         Runtime: 'python3.7',