feat(aws-certificatemanager): allow users to specify region for DNS certificates

[CaerusKaru]

• CloudFront requires certificates to be registered in the us-east-1 region, so
  this allows users to override the default, which places the certificates in
  whatever region the stack exists in

---

Pull Request Checklist

• Testing
  • Unit test added (prefer not to modify an existing test, otherwise, it's probably a breaking change)
  • CLI change?: coordinate update of integration tests with team
  • cdk-init template change?: coordinated update of integration tests with team
• Docs
  • jsdocs: All public APIs documented
  • README: README and/or documentation topic updated
  • Design: For significant features, design document added to design folder
• Title and Description
  • Change type: title prefixed with fix, feat and module name in parens, which will appear in changelog
  • Title: use lower-case and doesn't end with a period
  • Breaking?: last paragraph: "BREAKING CHANGE: <describe what changed + link for details>"
  • Issues: Indicate issues fixed via: "Fixes #xxx" or "Closes #xxx"
• Sensitive Modules (requires 2 PR approvers)
  • IAM Policy Document (in @aws-cdk/aws-iam)
  • EC2 Security Groups and ACLs (in @aws-cdk/aws-ec2)
  • Grant APIs (only if not based on official documentation with a reference)

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license.

[rix0rrr]

Happy to merge this, but currently the tests are failing.

[rix0rrr]

I notice the Route53 record are not necessarily in the same region as the cert. I'm assuming that'll be fine?

[CaerusKaru]

@rix0rrr Yeah, Route53 records are global. Will double-check on undefined region, but pretty sure it’s undefined by default.

[CaerusKaru]

Updated the test file, so CI should pass this time, and confirmed that region is undefined by default.

[CaerusKaru]

@rix0rrr Travis now passing, I suspect CB will be soon behind 👍