fix: disable Cognito self sign-up by default (#115)

## Summary
- Set `selfSignUpEnabled` to `false` on the Cognito UserPool so that
only administrators can create users
- Improves default security posture of the starter kit

Closes #106

Author: badmintoncryer

cdk/lib/constructs/auth/index.ts

@@ -69,7 +69,9 @@ export class Auth extends Construct {
         requireDigits: true,
         minLength: 8,
       },
-      selfSignUpEnabled: true,
+      // Set to true to allow self sign-up.
+      // When false, administrators must create users via the Cognito console or API.
+      selfSignUpEnabled: false,
       signInAliases: {
         username: false,
         email: true,

cdk/test/__snapshots__/serverless-fullstack-webapp-starter-kit-without-domain.test.ts.snap

@@ -1158,7 +1158,7 @@ exports[`Snapshot test 2`] = `
           ],
         },
         "AdminCreateUserConfig": {
-          "AllowAdminCreateUserOnly": false,
+          "AllowAdminCreateUserOnly": true,
         },
         "AutoVerifiedAttributes": [
           "email",

cdk/test/__snapshots__/serverless-fullstack-webapp-starter-kit.test.ts.snap

@@ -1069,7 +1069,7 @@ exports[`Snapshot test 2`] = `
           ],
         },
         "AdminCreateUserConfig": {
-          "AllowAdminCreateUserOnly": false,
+          "AllowAdminCreateUserOnly": true,
         },
         "AutoVerifiedAttributes": [
           "email",