fix(eks): add support of Helm charts located in ECR of AWS CN region (#…

…29778)

### Issue # (if applicable)

Closes #28460.

### Reason for this change

Current implementation will not identity helm charts stored in ECR on AWS CN regions, and will treat ECR as simple, unauthorized repository. 

### Description of changes

This change add support of ECR on AWS CN region by adding a optional suffix of .cn to the regex.

### Description of how you validated changes

Run the affected regex against helm repo in ECR China (123456789012.dkr.ecr.cn-northwest-1.amazonaws.com.cn)
```
import re
repository = 'oci://123456789012.dkr.ecr.cn-northwest-1.amazonaws.com.cn'
private_ecr_pattern = 'oci://(?P<registry>\d+\.dkr\.ecr\.(?P<region>[a-z0-9\-]+)\.amazonaws\.com(\.cn)?)*'
private_registry = re.match(private_ecr_pattern, repository).groupdict()
print(private_registry['registry'])
```

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

packages/@aws-cdk/custom-resource-handlers/lib/aws-eks/kubectl-handler/helm/__init__.py

@@ -100,7 +100,7 @@ def helm_handler(event, context):
 
 def get_oci_cmd(repository, version):
     # Generates OCI command based on pattern. Public ECR vs Private ECR are treated differently.
-    private_ecr_pattern = 'oci://(?P<registry>\d+\.dkr\.ecr\.(?P<region>[a-z0-9\-]+)\.amazonaws\.com)*'
+    private_ecr_pattern = 'oci://(?P<registry>\d+\.dkr\.ecr\.(?P<region>[a-z0-9\-]+)\.amazonaws\.com(\.cn)?)*'
     public_ecr_pattern = 'oci://(?P<registry>public\.ecr\.aws)*'
 
     private_registry = re.match(private_ecr_pattern, repository).groupdict()