le-tf-infra-aws
S3 buckets created/used should use a random suffix
Describe the Feature
According to this article, if someone just knows the name of a bucket, regardless of the bucket being private or public, issuing an unauthorized PUT request will charge the bucket owner.
At the moment, it seems that making it difficult for attackers to know the bucket name is the only action we can take. That's why we suggest using a random suffix on the bucket name, which is one of the recommendations the article makes.
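
One way to implement the suggested random suffix in Terraform, as an added example that is not code from this repository. The variable name, default prefix and resource names are hypothetical; it assumes the `hashicorp/aws` and `hashicorp/random` providers.

```hcl
terraform {
  required_providers {
    aws    = { source = "hashicorp/aws" }
    random = { source = "hashicorp/random" }
  }
}

# Hypothetical variable: the human-readable part of the bucket name.
variable "bucket_prefix" {
  type        = string
  description = "Readable prefix; the random suffix is appended to it"
  default     = "example-project-logs"

  validation {
    # S3 bucket names are limited to 63 characters; reserve 17 for
    # the "-" separator plus 16 hex characters of random suffix.
    condition     = length(var.bucket_prefix) <= 46
    error_message = "bucket_prefix must leave room for the 17-character random suffix."
  }
}

# 8 random bytes rendered as 16 lowercase hex characters, which are
# valid in bucket names. The value is stored in state, so the name is
# stable across applies and only regenerated when the prefix changes.
resource "random_id" "bucket_suffix" {
  byte_length = 8

  keepers = {
    prefix = var.bucket_prefix
  }
}

resource "aws_s3_bucket" "this" {
  # A guessable name would be just var.bucket_prefix on its own.
  bucket = "${var.bucket_prefix}-${random_id.bucket_suffix.hex}"
}

# Marked sensitive so the full name is redacted in CLI output and CI logs.
output "bucket_name" {
  value     = aws_s3_bucket.this.bucket
  sensitive = true
}
```

Changing the bucket name of an existing `aws_s3_bucket` forces replacement, so adding a suffix to buckets that already hold data needs a migration plan rather than a plain apply.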