feat(cloudfront-origins): add owner account id support for cross account vpc origins

[kawaaaas]

Issue # (if applicable)

Closes #36935.

Reason for this change

In multi-account architectures, VPC origin resources often reside in a different account from the CloudFront distribution. Without the ownerAccountId property, users must use escape hatches to set OwnerAccountId on the origin configuration.

Description of changes

• Added ownerAccountId as an optional string property to VpcOriginProps.
• Added validation to ensure the value is a 12-digit AWS account ID (when the value is not a token).
• Added a cross-account usage example to the README.

Describe any new or updated permissions being added

None

Description of how you validated changes

unit tests

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[aws-cdk-automation]

The pull request linter fails with the following errors:

❌ Features must contain a change to an integration test file and the resulting snapshot.

If you believe this pull request should receive an exemption, please comment and provide a justification. A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed, add Clarification Request to a comment.