feat: Add aws-cn support

[mbergkvist]

• Use AWS::Partition when creating ARN in IAM policy statement, the current partition will be resolved by CloudFormation during deployment.
• The aws partition is not known in all parts of the CDK application when synthesizing. Adding an option to set the partition in an environment variable, enables e.g. Constructs to take decisions based on that.
• Custom resource lambdas operating AWS Organizations uses the correct endpoint based on the partition information.
• The changes are backwards compatible due to defaulting to us-east-1 endpoint if the CDK_AWS_PARTITION is not set.
• The environment variable has also been introduced in https://github.com/cdklabs/cdk-pipelines-github/pull/895.
• These changes are tested in a CDK project with two applications to deploy to both aws and aws-cn partitions, using shared stacks and other resource implementations.

More comments on each commit.

Fixes #

[mbergkvist]

@pflorek Is this ok to be merged? dependabot keeps creating conflicts with this pr and I want to avoid fixing those until it is ready to merge.

[mbergkvist]

The changes are backwards compatible due to defaulting to us-east-1 endpoint if the CDK_AWS_PARTITION is not set. The environment variable has also been introduced in https://github.com/cdklabs/cdk-pipelines-github/pull/895.

https://github.com/cdklabs/cdk-pipelines-github/pull/895 has been merged and released https://github.com/cdklabs/cdk-pipelines-github/releases/tag/v0.4.114.