fix: replace deprecated tcp/udp/icmp SG rule blocks in VSI module

[piyush117]

Description

• Update ibm_is_security_group_rule in security_group.tf to use provider-supported top-level fields (protocol, port_min, port_max, type, code) instead of deprecated nested tcp/udp/icmp blocks.
• Add helper locals to derive the effective protocol from existing rule inputs, preserving current module input shape and behavior.
• Remove Terraform deprecation warnings seen when running landing-zone VSI patterns with newer IBM provider versions.

The IBM provider deprecates nested tcp blocks for ibm_is_security_group_rule and recommends using protocol, code, and type (plus port fields for tcp/udp).
This change aligns the VSI module with current provider expectations and avoids warning noise for downstream consumers.

Release required?

• No release
• Patch release (x.x.X)
• Minor release (x.X.x)
• Major release (X.x.x)

Release notes content

Run the pipeline

If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.

Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:

/run pipeline

Checklist for reviewers

• If relevant, a test for the change is included or updated with this PR.
• If relevant, documentation for the change is included or updated with this PR.

For mergers

• Use a conventional commit message to set the release level. Follow the guidelines.
• Include information that users need to know about the PR in the commit message. The commit message becomes part of the GitHub release notes.
• Use the Squash and merge option.

[piyush117]

/run pipeline

[piyush117]

So for reproducing this warning, I added security_group block in my .tfvars file and I got the same warning,

After I updated the code, there was no warning.

[piyush117]

/run pipeline

[piyush117]

/run pipeline

[jor2]

Version bumps look good. The security group refactor from nested blocks to top-level attributes will force-replace all existing rules on upgrade - call this out in the changelog as a breaking change.

• security_group.tf: Switching from dynamic tcp/udp/icmp blocks to top-level protocol/port_min/port_max/type/code will cause Terraform to destroy and recreate every existing security group rule on the next apply. Add a moved block or document this as a breaking change in the release notes.

[ocofaigh]

@jor2 the PR is in draft state because we have an open issue with provider on the breaking change. See IBM-Cloud/terraform-provider-ibm#6670