chore(cloudfront): add validation for configuring response headers policy

[badmintoncryer]

Issue # (if applicable)

None

Reason for this change

When creating a ResponseHeadersPolicy, if we set accessControlAllowCredentials to true in the CORS configuration and include a string containing * in accessControlAllowHeaders, it causes a deployment error. I added validation to prevent this in advance.

10:57:02 PM | CREATE_FAILED        | AWS::CloudFront::ResponseHeadersPolicy      | Dev-PriCo
ach/MainS...ponseHeadersPolicy
Resource handler returned message: "Invalid request provided: AWS::CloudFront::ResponseHeade
rsPolicy: The parameter Access-Control-Allow-Headers cannot contain * when allowCredentials
is true. (Service: CloudFront, Status Code: 400, Request ID: 9298af67-dfb6-4ddc-9cd6-b301e8f
eed3e) (SDK Attempt Count: 1)" (RequestToken: 2cbce7b6-8501-7bf8-aeb8-6781277473a0, HandlerE
rrorCode: InvalidRequest)

Description of changes

Add validation for ResponseHeadersPolicy.

Describe any new or updated permissions being added

None

Description of how you validated changes

Add unit test

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[aws-cdk-automation]

(This review is outdated)

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

[ozelalisen]

LGTM!

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[github-actions]

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.