feat(ecs): add fargate ephemeral storage encryption to cluster settin…

…gs (aws#30759)

### Issue # (if applicable)

Closes aws#30721

### Reason for this change

Expose api on ECS L2 Cluster construct to encrypt fargate ephemeral storage

### Description of changes

adds new property to pass key for encrypton. 
Updates key policy according to developer documentation

### Description of how you validated changes

Added unit tests to validate cases where cluster has a generated name or a specified name. 

When name is random, the key policy can't be as restrictive since it will generate a cyclic dependency issue due to the Key Policy being inline in KMS

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*