feat(cicd): enable S3-triggered CodePipeline and align IAM/ECR integration

- enable EventBridge notifications on source S3 bucket
- trigger CodePipeline execution on source.zip updates
- fix artifact bucket ARN substitutions
- extend CodePipeline role permissions for S3, CodeBuild, and approvals
- allow Lambda to pull images from ECR via repository policy
- export ECR repository URI and reference it from Lambda

infra/cfn/template-blog-source-bucket.yaml

@@ -16,4 +16,7 @@ Resources:
         - Key: Project
           Value: Git-server
       VersioningConfiguration:
-        Status: Enabled
+        Status: Enabled
+      NotificationConfiguration:
+        EventBridgeConfiguration:
+          EventBridgeEnabled: true