fix(ssm) don't specify secure string parameter version when not supplied

It is possible to omit the `version` of an SSM SecureString parameter.

When omitted, the reference generated by CDK results in a
ValidationError when applying the changes.

e.g.

```
Error [ValidationError]: Incorrect format is used in the following SSM reference: [{{resolve:ssm-secure:/some/parameter:}}]
```

packages/@aws-cdk/aws-ssm/lib/parameter.ts

@@ -492,7 +492,10 @@ export class StringParameter extends ParameterBase implements IStringParameter {
    */
   public static fromSecureStringParameterAttributes(scope: Construct, id: string, attrs: SecureStringParameterAttributes): IStringParameter {
     const version = attrs.version ? Tokenization.stringifyNumber(attrs.version) : '';
-    const stringValue = new CfnDynamicReference(CfnDynamicReferenceService.SSM_SECURE, `${attrs.parameterName}:${version}`).toString();
+    const stringValue = new CfnDynamicReference(
+      CfnDynamicReferenceService.SSM_SECURE,
+      version ? `${attrs.parameterName}:${version}` : attrs.parameterName,
+    ).toString();
 
     class Import extends ParameterBase {
       public readonly parameterName = attrs.parameterName;

packages/@aws-cdk/aws-ssm/test/parameter.test.ts

@@ -602,7 +602,7 @@ test('StringParameter.fromSecureStringParameterAttributes without version', () =
   });
 
   // THEN
-  expect(stack.resolve(param.stringValue)).toEqual('{{resolve:ssm-secure:MyParamName:}}');
+  expect(stack.resolve(param.stringValue)).toEqual('{{resolve:ssm-secure:MyParamName}}');
 });
 
 test('StringListParameter.fromName', () => {