feat(s3tables): add support for s3tables

[roseo1]

PR to add s3tables resources:

• table buckets ((aws docs)(https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-buckets.html)
• table bucket namespaces ((aws docs)(https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-namespace.html)
• table bucket tables ((aws docs)(https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-tables.html)

Testing

With config:

regions:
  - eu-west-2
accounts:
  XXXXXXXXXXXX:
      filters:
        ...
        S3TablesBucket:
          - property: Name
            value: roseo-filtered-test
        S3TablesNamespace:
          - property: TableBucketName
            value: roseo-filtered-test
        S3TablesTable:
          - property: TableBucketName
            value: roseo-filtered-test

And dry run:

aws-nuke - v8b83078-dirty - 8b830787cdc6da791d631be4d81ced2d13a7dc2c
Do you really want to nuke the account with the ID XXXXXXXXXXXX and the alias 'xxxxx'?
Do you want to continue? Enter account alias to continue.
> xxxxx

starting scan for resources
...
time="2026-04-23T17:15:46+01:00" level=info msg="would remove" owner=eu-west-2 prop:CreationDate="2026-03-16T15:00:01Z" prop:Name=aws-s3 prop:Type=aws state=new state_code=0 type=S3TablesBucket
time="2026-04-23T17:15:46+01:00" level=info msg="filtered: filtered by config" owner=eu-west-2 prop:CreationDate="2026-04-22T13:57:11Z" prop:Name=roseo-filtered-test prop:Type=customer state=filtered state_code=7 type=S3TablesBucket
...
time="2026-04-23T17:15:46+01:00" level=info msg="would remove" owner=eu-west-2 prop:CreationDate="2026-04-17T11:01:02Z" prop:ManagedByService=metadata.s3.amazonaws.com prop:Name=inventory prop:Namespace=b_other-sandbox-mo prop:TableBucketName=aws-s3 prop:Type=aws state=new state_code=0 type=S3TablesTable
time="2026-04-23T17:15:46+01:00" level=info msg="would remove" owner=eu-west-2 prop:CreationDate="2026-04-22T13:56:54Z" prop:ManagedByService=metadata.s3.amazonaws.com prop:Name=inventory prop:Namespace=b_other-sandbox-roseo prop:TableBucketName=aws-s3 prop:Type=aws state=new state_code=0 type=S3TablesTable
time="2026-04-23T17:15:46+01:00" level=info msg="would remove" owner=eu-west-2 prop:CreationDate="2026-04-17T11:01:00Z" prop:ManagedByService=metadata.s3.amazonaws.com prop:Name=journal prop:Namespace=b_other-sandbox-mo prop:TableBucketName=aws-s3 prop:Type=aws state=new state_code=0 type=S3TablesTable
time="2026-04-23T17:15:46+01:00" level=info msg="would remove" owner=eu-west-2 prop:CreationDate="2026-04-22T13:56:53Z" prop:ManagedByService=metadata.s3.amazonaws.com prop:Name=journal prop:Namespace=b_other-sandbox-roseo prop:TableBucketName=aws-s3 prop:Type=aws state=new state_code=0 type=S3TablesTable
time="2026-04-23T17:15:46+01:00" level=info msg="filtered: filtered by config" owner=eu-west-2 prop:CreationDate="2026-04-22T14:32:32Z" prop:Name=test prop:Namespace=my_s3_namespace prop:TableBucketName=roseo-filtered-test prop:Type=customer state=filtered state_code=7 type=S3TablesTable
...
time="2026-04-23T17:15:46+01:00" level=info msg="would remove" owner=eu-west-2 prop:CreationDate="2026-04-17T11:00:59Z" prop:Name=b_other-sandbox-mo prop:TableBucketName=aws-s3 state=new state_code=0 type=S3TablesNamespace
time="2026-04-23T17:15:46+01:00" level=info msg="would remove" owner=eu-west-2 prop:CreationDate="2026-04-22T13:56:52Z" prop:Name=b_other-sandbox-roseo prop:TableBucketName=aws-s3 state=new state_code=0 type=S3TablesNamespace
time="2026-04-23T17:15:46+01:00" level=info msg="filtered: filtered by config" owner=eu-west-2 prop:CreationDate="2026-04-22T14:32:21Z" prop:Name=my_s3_namespace prop:TableBucketName=roseo-filtered-test state=filtered state_code=7 type=S3TablesNamespace
...

Scan complete: 1964 total, 1489 nukeable, 475 filtered.

The above resources would be deleted with the supplied configuration. Provide --no-dry-run to actually destroy resources.

Will be running not in dry-run from my snapshot build to verify over the next couple of days, happy to wait for the outcome of that before this is considered ready.

(some other contribution questions:

• assume the reason its formatted differently in the log output (like snippet above rather than {region} - {resourcetype} - {name} [{properties...}]) is just because its not using the deprecated String, or is that not expected?
• noted that the plan for S3Object from v4 is to be disabled by default and allow S3Bucket to empty and delete. Should this be the pattern S3TableBucket takes from the start? (namespace and table disabled and bucket delete removes all the child resources). ListTables and ListNamespaces don't return the table bucket arn, so deleting them by default as part of S3TableBucket would reduce the annoying nested listing unless opted in
  )

[ekristen]

Please add String() method to each resource and use the closest approximation for the “name” of the resource as the value. This will fix the format issue in the logs and while it’s not 100% required we are keeping backwards compatibility for now.