Is your feature request related to a problem?
I'm trying to create a Helm chart to deploy an S3 bucket that follows our company security credentials. For each bucket, we create a dedicated KMS key, but I'm not currently able to do that in a single Helm installation.

The Bucket CRD only has a encryption/rules/applyServerSideEncryptionByDefault/kmsMasterKeyID field, and I need to be able to pass a kmsKeyRef object, much like I can when creating a DBInstance object for RDS.

Describe the solution you'd like
I'd like the Bucket CRD to support encryption/rules/applyServerSideEncryptionByDefault/kmsKeyRef so I can pass in the key object I'm creating.

Describe alternatives you've considered
All the examples I can find online depend on using Bash variables to combine k8s manifests with AWS CLI lookups, but I don't have access to these things in an automated, GitOps-based installation process.