core(eks): support EKS service link role

Prior to April 16, 2020, `AmazonEKSServicePolicy` was required for EKS cluster IAM role. With the new `AWSServiceRoleForAmazonEKS` service-linked role, that policy is no longer required.

This PR removes the `AmazonEKSServicePolicy` from the cluster role.

Closes #7634

packages/@aws-cdk/aws-eks/lib/cluster.ts

@@ -368,7 +368,6 @@ export class Cluster extends Resource implements ICluster {
       assumedBy: new iam.ServicePrincipal('eks.amazonaws.com'),
       managedPolicies: [
         iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEKSClusterPolicy'),
-        iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEKSServicePolicy'),
       ],
     });
 

packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json

@@ -641,18 +641,6 @@
                 ":iam::aws:policy/AmazonEKSClusterPolicy"
               ]
             ]
-          },
-          {
-            "Fn::Join": [
-              "",
-              [
-                "arn:",
-                {
-                  "Ref": "AWS::Partition"
-                },
-                ":iam::aws:policy/AmazonEKSServicePolicy"
-              ]
-            ]
           }
         ]
       }

packages/@aws-cdk/aws-eks/test/integ.eks-cluster.kubectl-disabled.expected.json

@@ -613,18 +613,6 @@
                 ":iam::aws:policy/AmazonEKSClusterPolicy"
               ]
             ]
-          },
-          {
-            "Fn::Join": [
-              "",
-              [
-                "arn:",
-                {
-                  "Ref": "AWS::Partition"
-                },
-                ":iam::aws:policy/AmazonEKSServicePolicy"
-              ]
-            ]
           }
         ]
       }