Description of changes:
Add support for the new https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-inbound-federation.html for Amazon Cognito User Pools. This trigger is invoked when a user signs in through a third-party identity provider, allowing a Lambda to inspect and transform federated user attributes before they are mapped to the user pool.

New types:

• CognitoFederationProviderType — string enum with constants for all supported provider types (OIDC, SAML, Facebook, Google, SignInWithApple, LoginWithAmazon)
• CognitoEventUserPoolsInboundFederation — top-level event struct
• CognitoEventUserPoolsInboundFederationRequest — with ProviderName, ProviderType, and Attributes
• CognitoEventUserPoolsInboundFederationAttributes — with TokenResponse, IDToken, UserInfo (OIDC/social) and SAMLResponse (SAML), all map[string]string
• CognitoEventUserPoolsInboundFederationResponse — with UserAttributesToMap as map[string]string

All attribute maps use map[string]string per confirmation from the Cognito team that these fields contain string-only types today, and any future non-string types would be released as a new generation trigger (V2).

Tests:

• OIDC round-trip marshaling test with test fixture
• SAML round-trip marshaling test with test fixture
• Malformed JSON test

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.