fix(cloudfront): warn when minimumProtocolVersion is set without custom certificate

[syukawa-gh]

Closes #35404
The minimumProtocolVersion property is only applicable when a custom SSL/TLS certificate is configured. Added a warning annotation.
Exemption Request: Warning annotation only, no CloudFormation output change.

[aws-cdk-automation]

The pull request linter fails with the following errors:

❌ Fixes must contain a change to an integration test file and the resulting snapshot.

If you believe this pull request should receive an exemption, please comment and provide a justification. A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed, add Clarification Request to a comment.

✅ A exemption request has been requested. Please wait for a maintainer's review.

[syukawa-gh]

Exemption Request: This fix adds a synth-time validation warning when minimumProtocolVersion is set without a custom certificate. Unit tests are included. Integration test is not applicable as this is a synth-time warning, not a CloudFormation output change.

[syukawa-gh]

Correction to my previous comment: After reviewing the diff more carefully, this PR needs unit tests to be added. I will update this PR with the required tests. The Exemption Request above should be disregarded for the unit test requirement.

[syukawa-gh]

To clarify my earlier comments: unit tests are already included in this PR. The "Correction" comment above was posted in error. The exemption request is for the integration test only — this is a synth-time validation warning that does not change CloudFormation output, and the unit tests verify the warning is emitted correctly.