Allow more flexibility with SG rules and IAM policies #1

Open

distilledtee wants to merge 6 commits into earthly:main from o8t:patches-for-reconciliation

Conversation

@distilledtee commented Sep 27, 2024

This PR contains a few changes to add flexibility in managing the Security Group and Instance Role attached to the satellite instances.

Changes

  • Move Ingress/Egress fields in SG definition to explicit resources
    AWS deprecated the use of the ingress and egress fields in the aws_security_group resource. On the reference page there are both a Warning and a Note discussing how a resource configured to use these fields may have issues managing multiple CIDRs, and it explicitly warns not to use these fields together with specific Ingress/Egress rule resources. Since we want to be able to attach additional rules, I've moved the existing rules into specific resources.

  • Added an override variable for SG rule CIDRs
    By default the ingress rules use the subnet's CIDR. In our use case this was too restrictive, so I've added a new variable, sg_cidr_override, that, if specified, will be used as the rule's CIDR instead of the subnet's CIDR.

  • Changed the instance_profile output to the name instead of ARN
    In order to read an instance_profile as data you need to specify its name instead of its ARN. See the data reference page.

  • Changed the policy attachment method to an explicit attachment resource
    AWS notes in the aws_iam_role reference that managed_policy_arns is not compatible with aws_iam_role_policy_attachments. Since we're adding additional policies, the module can't use managed_policy_arns.
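The four changes listed in the description, sketched as one Terraform fragment. This is an added illustration, not code from the PR or from the earthly BYOC module; the only name taken from the PR is `sg_cidr_override`. The inputs `var.vpc_id`, `var.subnet_id`, `var.satellite_port` and `var.extra_policy_arns`, the role and profile names, and the rule set are assumptions chosen for the example.

```terraform
# Added example (not the PR's or the module's own code). Assumed inputs:
# var.vpc_id, var.subnet_id, var.satellite_port, var.extra_policy_arns.

# Override for the ingress CIDR. Left unset, the subnet's CIDR is used.
# The validation keeps a typo from silently producing an unplannable rule;
# note that a value such as 0.0.0.0/0 would expose the port to everyone,
# so review any override with the same care as an inline rule.
variable "sg_cidr_override" {
  description = "If set, used as the ingress rule CIDR instead of the subnet CIDR."
  type        = string
  default     = null

  validation {
    condition     = var.sg_cidr_override == null || can(cidrhost(var.sg_cidr_override, 0))
    error_message = "sg_cidr_override must be a valid IPv4 CIDR block."
  }
}

data "aws_subnet" "satellite" {
  id = var.subnet_id # assumed input
}

locals {
  # coalesce() skips null, so the override wins only when it is set.
  ingress_cidr = coalesce(var.sg_cidr_override, data.aws_subnet.satellite.cidr_block)
}

# No inline ingress/egress blocks: rules live in their own resources so the
# module and its callers can both attach rules without fighting over the set.
resource "aws_security_group" "satellite" {
  name   = "satellite" # assumed name
  vpc_id = var.vpc_id
}

resource "aws_vpc_security_group_ingress_rule" "satellite" {
  security_group_id = aws_security_group.satellite.id
  cidr_ipv4         = local.ingress_cidr
  ip_protocol       = "tcp"
  from_port         = var.satellite_port
  to_port           = var.satellite_port
}

resource "aws_vpc_security_group_egress_rule" "all" {
  security_group_id = aws_security_group.satellite.id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1" # all protocols
}

# Role declared without managed_policy_arns; every policy, including the
# caller's extras, goes through the same attachment resource.
resource "aws_iam_role" "satellite" {
  name = "satellite" # assumed name
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "ec2.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

resource "aws_iam_role_policy_attachment" "extra" {
  for_each   = toset(var.extra_policy_arns)
  role       = aws_iam_role.satellite.name
  policy_arn = each.value
}

resource "aws_iam_instance_profile" "satellite" {
  name = "satellite" # assumed name
  role = aws_iam_role.satellite.name
}

# The name, not the ARN, is what data "aws_iam_instance_profile" looks up.
output "instance_profile" {
  value = aws_iam_instance_profile.satellite.name
}
```

A caller that needs a further rule adds another `aws_vpc_security_group_ingress_rule` pointing at the exported group id, and a caller that needs another policy adds another `aws_iam_role_policy_attachment` against the exported role name; neither touches the module's own resources, which is the reconciliation problem the inline fields and `managed_policy_arns` caused.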

@distilledtee distilledtee reopened this Oct 7, 2024
@distilledtee distilledtee changed the title Update BYOC Module for Current Deployment Allow more flexibility with SG rules and IAM policies Oct 7, 2024