Conversation

@pahud (Contributor) commented Aug 27, 2025

Issue # (if applicable)

Closes #34799.

Reason for this change

VPC Origins are global AWS resources that require unique names across regions. When deploying identical CloudFront stacks with VPC Origins to multiple regions in the same AWS account, the second deployment fails with "Another vpc origin with the same name already exists within the aws account" because the CDK's Names.uniqueResourceName() function doesn't include region information in name generation.

This prevents users from deploying common multi-region CloudFront architectures where identical stacks are deployed across regions for redundancy or geographic distribution.

Description of changes

Enhanced VPC Origin name generation to conditionally include region suffix when stack environment is resolved, following established CloudFront patterns:

  • Added feature flag: @aws-cdk/aws-cloudfront:vpcOriginRegionAwareName (default: false for backward compatibility)
  • Enhanced VpcOrigin constructor: Conditionally appends region suffix to generated names when feature flag is enabled and stack region is resolved
  • Name length management: Dynamically calculates base name length to ensure total length stays within 64-character AWS limit
  • Graceful fallback: Uses default naming when region is unresolved or feature flag is disabled

Name generation examples:

  • Default behavior: StackDistributionOrigin1VpcOriginB6F753F8
  • With feature flag enabled: StackDistributionOrigin1VpcOriginB6F753F8-us-east-1

Breaking change: Enabling the feature flag will cause VPC Origin resource replacement in existing stacks with resolved environments. This is expected behavior to achieve unique naming across regions.

Describe any new or updated permissions being added

N/A - No IAM permissions or resource access changes. This is purely a resource naming enhancement.

Description of how you validated changes

  • Unit tests: Added 6 comprehensive test cases covering feature flag behavior, region resolution, name length validation, and multi-region scenarios
  • Integration tests:
    • Existing integ.vpc-origin.js test passes without changes (backward compatibility confirmed)
    • Created new integ.vpc-origin-multi-region.ts test to validate unique naming across regions
    • CloudFormation template generation verified with correct Name properties
  • Cross-module testing: Validated feature flag integration across CloudFront, core, and cx-api modules (500+ tests passed)
  • Regression testing: All existing VPC Origin functionality preserved, no unintended side effects

Checklist


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
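The naming scheme the PR description lays out (region suffix only when the flag is on and the region is resolved, base name shortened so the whole name fits the 64-character limit, legacy name otherwise) as an added TypeScript illustration. It is not the PR's or aws-cdk's own code: a plain string stands in for the output of Names.uniqueResourceName, and the helper names (buildVpcOriginName, isUnresolvedRegion, uniqueNamesAcrossRegions), the 8-character hash length and the token-detection rule are assumptions of this example.

```typescript
// Added illustration of the VPC Origin naming scheme described in the PR.
// Not aws-cdk code; helper names, hash length and token detection are assumed.

const MAX_VPC_ORIGIN_NAME_LENGTH = 64; // AWS limit quoted in the PR description
const HASH_LENGTH = 8; // assumed length of the trailing hash in a generated name

// CDK represents deploy-time values such as the region as tokens like
// "${Token[AWS.Region.4]}". Treating any such marker as "unresolved" is an
// assumption of this example, not the CDK API.
function isUnresolvedRegion(region: string | undefined): boolean {
  return region === undefined || region.includes('${Token[');
}

// Shorten a generated name to maxLength while keeping the trailing hash,
// which is what keeps two origins in the same stack distinct.
function truncateKeepingHash(name: string, maxLength: number): string {
  if (name.length <= maxLength) return name;
  const hash = name.slice(-HASH_LENGTH);
  const readable = name.slice(0, -HASH_LENGTH);
  return readable.slice(0, maxLength - HASH_LENGTH) + hash;
}

function buildVpcOriginName(
  defaultName: string,
  region: string | undefined,
  regionAwareFlag: boolean,
): string {
  // Graceful fallback: flag off or region unresolved keeps the legacy name.
  if (!regionAwareFlag || isUnresolvedRegion(region)) {
    return truncateKeepingHash(defaultName, MAX_VPC_ORIGIN_NAME_LENGTH);
  }
  const suffix = `-${region}`;
  // Budget the base name so that base + suffix stays within the limit.
  const base = truncateKeepingHash(defaultName, MAX_VPC_ORIGIN_NAME_LENGTH - suffix.length);
  return base + suffix;
}

// Simulate deploying the same stack to several regions of one account and
// report whether the generated VPC Origin names stay unique.
function uniqueNamesAcrossRegions(
  defaultName: string,
  regions: string[],
  regionAwareFlag: boolean,
): boolean {
  const names = regions.map((r) => buildVpcOriginName(defaultName, r, regionAwareFlag));
  return new Set(names).size === names.length;
}

// Constructed sample input: the default name shown in the PR description.
const sampleName = 'StackDistributionOrigin1VpcOriginB6F753F8';
console.log(buildVpcOriginName(sampleName, 'us-east-1', false));
console.log(buildVpcOriginName(sampleName, 'us-east-1', true));
console.log(uniqueNamesAcrossRegions(sampleName, ['us-east-1', 'eu-west-1'], false));
console.log(uniqueNamesAcrossRegions(sampleName, ['us-east-1', 'eu-west-1'], true));
```

The hash-preserving truncation is a design choice worth noting: cutting a name from its end to make room for the suffix would discard the very part that distinguishes origins within a stack, so the readable prefix is what gives way.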

@aws-cdk-automation aws-cdk-automation requested a review from a team August 27, 2025 14:07
@github-actions github-actions bot added bug This issue is a bug. effort/medium Medium work item – several days of effort p2 labels Aug 27, 2025
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Aug 27, 2025
@pahud pahud marked this pull request as ready for review August 27, 2025 22:20
@athewsey commented

Hi @pahud, thanks for working on this! Would the recommended-feature-flags.json mean new cdk init apps automatically start enabling this fix/feature after merge & CLI version release? Or would users still need to manually turn it on?

Development

Successfully merging this pull request may close these issues.

(aws-cloudfront-origins): VpcOrigin ID collision in separate region of same AWS account