fix: ACLs must be allowed for cloudfront log bucket

In https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html
it's described how since april 2023, new bucket are created with ACLs
disabled. Cloudfront still requires them, so it needs to be set.

In aws/aws-cdk#25358, specifically under
'Using an S3 Bucket for CloudFront logs' there's a solution posted. This
implements that option, to prevent the cloudformation error:
""Invalid request provided: AWS::CloudFront::Distribution: The S3 bucket
that you specified for CloudFront logs does not enable ACL access"

src/CloudfrontStack.ts

@@ -32,7 +32,6 @@ import { RemoteParameters } from 'cdk-remote-stack';
 import { Construct } from 'constructs';
 import { Statics } from './statics';
 
-
 export class CloudfrontStack extends Stack {
   private zone?: IHostedZone;
   constructor(scope: Construct, id: string) {
@@ -189,6 +188,7 @@ export class CloudfrontStack extends Stack {
       eventBridgeEnabled: true,
       enforceSSL: true,
       encryption: S3.BucketEncryption.S3_MANAGED,
+      objectOwnership: S3.ObjectOwnership.OBJECT_WRITER,
       lifecycleRules: [
         {
           id: 'delete objects after 180 days',
@@ -297,4 +297,4 @@ export class CloudfrontStack extends Stack {
       distributionPaths: ['/static/*'],
     });
   }
-}
+}