Describe the bug
I used this library as shown in the README, and it didn't deploy because of a missing / invalid KMS key.

To Reproduce

1. Write code like this:

new SesSmtpCredentials(this, 'CsatSesSmtpCredentials', {
  iamUserName: 'csatmail',
});

2. Get error when deploying:

Stack Deployments Failed: Error: The stack named CsatStack failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE: Received response status [FAILED] from custom resource. Message returned: Error: An error occurred (InvalidParameterException) when calling the CreateSecret operation: The operation failed because of an invalid KMS key: Invalid keyId aws/secretsmanager (Service: AWSKMS; Status Code: 400; Error Code: NotFoundException; Request ID: 7d8aa148-df6c-4f7b-9841-9a17dc591484; Proxy: null)

Expected behavior
Code like in the README should work. Or the README should be changed to reflect actual behavior

Additional context
This works:

const csatKey = new kms.Key(this, 'CsatKey');

new SesSmtpCredentials(this, 'CsatSesSmtpCredentials', {
  iamUserName: 'csatmail',
  kmsKey: csatKey,
});

Is your feature request related to a problem? Please describe.
While this library creates SMTP credentials and stores them in Secrets Manager it doesn't allow settings a resource policy. Some use cases, like RDS option groups, require a resource policy for allowing other AWS resources to access the secret.

Describe the solution you'd like
Allow giving a resource policy property that then gets set on the secret.

Describe alternatives you've considered
There isn't an alternative. You cant easily apply it in the CDK afterwards because the secret returned by the construct is unowned. It's important the secret content is secret so we dont want to just return the creds and create a secret in cloudformation where the secret will then be exposed as attributes.

Additional context
We use this internally for the SQL Server on RDS SSRS option group where we need to provide SMTP credentials through secrets manager.

Proposed implementation
Add code to set the resource policy.

Any currently forseeable downsides to this approach
Nothing besides making this set up more complicated in general.

Is your feature request related to a problem? Please describe.
While this library creates SMTP credentials and stores them in Secrets Manager it doesn't allow retrieval in cases where retrieval occurs from another AWS account because the default KMS key is used. For example when RDS retrieves the secret for an option group it occurs in an AWS owned account and you receive this error:

You can't access a secret from a different AWS account if you encrypt the secret with the default KMS service key.

Describe the solution you'd like
Allow giving passing a non-default KMS key which works around this issue.

Describe alternatives you've considered
No alternative I can think of and this is an easy change.

Additional context
We use this internally for the SQL Server on RDS SSRS option group where we need to provide SMTP credentials through secrets manager and discovered this issue.

Proposed implementation
Add code to allow a custom KMS key

Any currently forseeable downsides to this approach
Nothing besides making this set up more complicated in general.