fix(dynamodb): unsupported actions added to table resource policy (#36228)

### Issue # (if applicable)

Closes #32230.

### Reason for this change

`Table` and `TableV2` were adding actions `GetShardItem` and `GetRecord` to the table's resource policy for cross-account resources, service and account principals. The issue is that these actions are not supported in the resource policies. Hence creating a deployment failure

### Description of changes

Separated these actions to only be added to the IAM principal, but not the resource for `Table` and `TableV2` constructs.

### Describe any new or updated permissions being added

No new permissions are added. The `GetShardItem` and `GetRecord` permissions are removed for resource policies.


### Description of how you validated changes

Unit and Integration tests have been modified. The integration test failed to deploy before the fix, but now it succeeds after this fix.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: Abogical

packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.policy.js.snapshot/ResourcePolicyTest-v2.assets.json

@@ -18,7 +18,9 @@
     ],
     "Replicas": [
      {
-      "Region": "eu-west-1",
+      "Region": {
+       "Ref": "AWS::Region"
+      },
       "ResourcePolicy": {
        "PolicyDocument": {
         "Statement": [
@@ -30,7 +32,11 @@
             "Fn::Join": [
              "",
              [
-              "arn:aws:iam::",
+              "arn:",
+              {
+               "Ref": "AWS::Partition"
+              },
+              ":iam::",
               {
                "Ref": "AWS::AccountId"
               },
@@ -50,6 +56,70 @@
    },
    "UpdateReplacePolicy": "Delete",
    "DeletionPolicy": "Delete"
+  },
+  "TableTestV22DC2AC9BC": {
+   "Type": "AWS::DynamoDB::GlobalTable",
+   "Properties": {
+    "AttributeDefinitions": [
+     {
+      "AttributeName": "id",
+      "AttributeType": "S"
+     }
+    ],
+    "BillingMode": "PAY_PER_REQUEST",
+    "KeySchema": [
+     {
+      "AttributeName": "id",
+      "KeyType": "HASH"
+     }
+    ],
+    "Replicas": [
+     {
+      "Region": {
+       "Ref": "AWS::Region"
+      },
+      "ResourcePolicy": {
+       "PolicyDocument": {
+        "Statement": [
+         {
+          "Action": [
+           "dynamodb:BatchGetItem",
+           "dynamodb:ConditionCheckItem",
+           "dynamodb:DescribeTable",
+           "dynamodb:GetItem",
+           "dynamodb:Query",
+           "dynamodb:Scan"
+          ],
+          "Effect": "Allow",
+          "Principal": {
+           "AWS": {
+            "Fn::Join": [
+             "",
+             [
+              "arn:",
+              {
+               "Ref": "AWS::Partition"
+              },
+              ":iam::",
+              {
+               "Ref": "AWS::AccountId"
+              },
+              ":root"
+             ]
+            ]
+           }
+          },
+          "Resource": "*"
+         }
+        ],
+        "Version": "2012-10-17"
+       }
+      }
+     }
+    ]
+   },
+   "UpdateReplacePolicy": "Retain",
+   "DeletionPolicy": "Retain"
   }
  },
  "Parameters": {