docs(cloudfront): add example to update Cloudfront publickey (#34729)

### Issue # (if applicable)

Related to #15301.

### Reason for this change

Users wanted a more detailed guide on how to update the `encodedKey`.

### Description of changes

Add an example to show how to update the key, replaced `logical id` by `id` for more clarity.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: leonmk-aws

packages/aws-cdk-lib/aws-cloudfront/README.md

@@ -1252,7 +1252,24 @@ When using a CloudFront PublicKey, only the `comment` field can be updated after
 Resource handler returned message: "Invalid request provided: AWS::CloudFront::PublicKey"
 ```
 
-To update the `encodedKey`, you must change the logical ID of the public key resource in your template. This causes CloudFormation to create a new `cloudfront.PublicKey` resource and delete the old one during the next deployment.
+To update the `encodedKey`, you must change the ID of the public key resource in your template. This causes CloudFormation to create a new `cloudfront.PublicKey` resource and delete the old one during the next deployment.
+
+Example:
+
+```ts
+// Step 1: Original deployment
+const originalKey = new cloudfront.PublicKey(this, 'MyPublicKeyV1', {
+  encodedKey: '...', // contents of original public_key.pem file
+});
+```
+
+Regenerate a new key and change the construct id in the code:
+```ts
+// Step 2: In a subsequent deployment, create a new key with a different ID
+const updatedKey = new cloudfront.PublicKey(this, 'MyPublicKeyV2', {
+  encodedKey: '...', // contents of new public_key.pem file
+});
+```
 
 
 See: