
Commit 6cd1802

fix(lambda): handle token resolution issues in addToRolePolicy (#34904)
### Issue # (if applicable)

Closes #34894.

### Reason for this change

When createNewPoliciesWithAddToRolePolicy flag is false, addToRolePolicy() fails with CloudFormation intrinsic functions due to token resolution issues. More details in the issue itself.

### Description of changes

This fix detects complex tokens and forces separate inline policies to prevent the error while maintaining backward compatibility.

### Describe any new or updated permissions being added

No new permissions being added

### Description of how you validated changes

Tested the new changes in the broken cdk app that was able to reproduce the issue (used reproduction steps from the original issue). The app can be synth now, and deployed. Verifying the lambda role manually in the console also showed that a single role is preserved but the role policies are now split in 2: one from the string literal and one from the token. Both are correctly resolved.

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
1 parent d0288d2 commit 6cd1802


11 files changed, +1419 -3 lines changed

packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-policy-with-token-resolution.js.snapshot/cdk.out

Lines changed: 1 addition & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-policy-with-token-resolution.js.snapshot/integ.json

Lines changed: 13 additions & 0 deletions

packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-policy-with-token-resolution.js.snapshot/lambdapolicywithtokenresolutionDefaultTestDeployAssertDAA69E83.assets.json

Lines changed: 20 additions & 0 deletions

packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-policy-with-token-resolution.js.snapshot/lambdapolicywithtokenresolutionDefaultTestDeployAssertDAA69E83.template.json

Lines changed: 36 additions & 0 deletions
