Ingress Controller is missing a required AWS resource permission for SC2S region us-isob-east-1

Ingress Controller is missing a required AWS resource permission for SC2S region us-isob-east-1

During the OpenShift 4 installation in SC2S region us-isob-east-1, the ingress operator degrades due to missing "route53:ListTagsForResources" permission from the "openshift-ingress" CredentialsRequest for which customer proactively raised a PR.
--> https://github.com/openshift/cluster-ingress-operator/pull/868

The code disables part of the logic for C2S isolated regions here: https://github.com/openshift/cluster-ingress-operator/blob/d9d1a2b44cc7955a18fbedfdc973daddba67bccd/pkg/dns/aws/dns.go#L167-L168
By not setting tagConfig, it results in the m.tags field to be set nil: https://github.com/openshift/cluster-ingress-operator/blob/d9d1a2b44cc7955a18fbedfdc973daddba67bccd/pkg/dns/aws/dns.go#L212-L222
This then drives the logic in the getZoneID method to use either lookupZoneID or lookupZoneIDWithoutResourceTagging: https://github.com/openshift/cluster-ingress-operator/blob/d9d1a2b44cc7955a18fbedfdc973daddba67bccd/pkg/dns/aws/dns.go#L280-L284
BLAB: the lookupZoneIDWithoutResourceTagging method is only ever called for endpoints.AwsIsoPartitionID, endpoints.AwsIsoBPartitionID regions.

Everytime

1. Create an IPI cluster in  SC2S region us-isob-east-1.

Ingress operator degrades due to missing "route53:ListTagsForResources" permission with following error.
~~~
The DNS provider failed to ensure the record: failed to find hosted zone for record: failed to get tagged resources: AccessDenied: User ....... rye... is not authorized to perform: route53:ListTagsForResources on resource.... hostedzone/.. because no identify based policy allows the route53:ListTagsForResources
~~~

Ingress operator should be in available state for new installation.