--EKS-PATCH-- (aws_credentials): update ecr url validation regex

Description:
* Updates the regex for ECR URL validation to support isolated regions and includes additional testcases for these.

Upstream PR, Issue, KEP, etc. links:
* Kubernetes PR kubernetes#113087 (kubernetes#113087) added this change to 1.26. This patch
isn't a cherry pick, as it was created before the PR was opened.

If this patch is based on an upstream commit, how (if at all) do this patch and the upstream source differ?
* No differences.

If this patch's changes have not been added by upstream, why not?
* N/A

Other patches related to this patch:
* None

Changes made to this patch after its initial creation and reasons for these changes:
* None

Kubernetes version this patch can be dropped:
* v1.26 -- upstream includes these changes starting in this version

Signed-off-by: Jyoti Mahapatra <jyotima@amazon.com>

pkg/credentialprovider/aws/aws_credentials.go

@@ -41,7 +41,7 @@ import (
 )
 
 var (
-	ecrPattern = regexp.MustCompile(`^(\d{12})\.dkr\.ecr(\-fips)?\.([a-zA-Z0-9][a-zA-Z0-9-_]*)\.amazonaws\.com(\.cn)?$`)
+	ecrPattern = regexp.MustCompile(`^(\d{12})\.dkr\.ecr(\-fips)?\.([a-zA-Z0-9][a-zA-Z0-9-_]*)\.(amazonaws\.com(\.cn)?|sc2s\.sgov\.gov|c2s\.ic\.gov)$`)
 	once       sync.Once
 	isEC2      bool
 )

pkg/credentialprovider/aws/aws_credentials_test.go

@@ -82,6 +82,12 @@ func TestRegistryPatternMatch(t *testing.T) {
 		{"123456789012.dkr.ecr-fips.lala-land-1.amazonaws.com", true},
 		// .cn
 		{"123456789012.dkr.ecr.lala-land-1.amazonaws.com.cn", true},
+		// iso
+		{"123456789012.dkr.ecr.us-iso-east-1.c2s.ic.gov", true},
+		// iso-b
+		{"123456789012.dkr.ecr.us-isob-east-1.sc2s.sgov.gov", true},
+		// invalid gov endpoint
+		{"123456789012.dkr.ecr.us-iso-east-1.amazonaws.gov", false},
 		// registry ID too long
 		{"1234567890123.dkr.ecr.lala-land-1.amazonaws.com", false},
 		// registry ID too short