feat(cli): add cdk deploy --method=execute-change-set for two-step deployment workflows

[mrgrain]

Fixes #801

This adds a new --method=execute-change-set option to cdk deploy that enables a two-step deployment workflow where users first create a change set for review, then explicitly execute it after inspection.

The motivation comes from users who want to verify exactly what CloudFormation will do before committing to a deployment. While cdk diff infers changes from templates, an actual change set created by CloudFormation is the source of truth for what will happen. This is especially important for stateful resources where accidental replacements can cause data loss.

The intended workflow is:

cdk deploy MyStack --method=prepare-change-set --change-set-name MyChangeSet
# review the change set in the AWS Console or via AWS CLI
cdk deploy MyStack --method=execute-change-set --change-set-name MyChangeSet --require-approval=any-change

The execute-change-set method bypasses synthesis and stack selection entirely since the change set already exists in CloudFormation. In the CLI, this short-circuits directly to toolkit-lib rather than adding a new branch to CdkToolkit, keeping the existing deploy flow untouched. The method requires --change-set-name and exactly one stack name. Options that only apply during change set creation (like --force, --parameters, --no-rollback, --import-existing-resources, --revert-drift) are ignored with a warning when used with this method.

On the toolkit-lib side, a new ExecuteChangeSetDeployment type is added to the DeploymentMethod union, and a new Toolkit.executeChangeSet() method handles the execution by working directly with CloudFormation APIs without requiring a cloud assembly.

Checklist

• This change contains a major version upgrade for a dependency and I confirm all breaking changes are addressed
  • Release notes for the new version:

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[codecov-commenter]

Codecov Report

❌ Patch coverage is 45.23810% with 23 lines in your changes missing coverage. Please review.
✅ Project coverage is 87.96%. Comparing base (718f28c) to head (dc552f8).

Files with missing lines	Patch %	Lines
packages/aws-cdk/lib/cli/cdk-toolkit.ts	11.53%	23 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1271      +/-   ##
==========================================
- Coverage   88.11%   87.96%   -0.15%     
==========================================
  Files          73       73              
  Lines       10359    10398      +39     
  Branches     1410     1421      +11     
==========================================
+ Hits         9128     9147      +19     
- Misses       1204     1223      +19     
- Partials       27       28       +1     

Flag	Coverage Δ
suite.unit	87.96% <45.23%> (-0.15%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.