Currently Ec2SSMConnect uses one security group for the Ec2 instance and the VPC endpoints, with inbound/outbound config:

```ts
ingress: [
  {
    protocol: 'tcp',
    fromPort: 22,
    toPort: 22,
    cidrBlocks: [vpcOutput.vpc.cidrBlock],
  },
  {
    protocol: 'tcp',
    fromPort: 443,
    toPort: 443,
    cidrBlocks: [vpcOutput.vpc.cidrBlock],
  },
],
egress: [
  { protocol: '-1', fromPort: 0, toPort: 0, cidrBlocks: ['0.0.0.0/0'] },
],
```
This should be split into two security groups:

- Ec2 instance security group with inbound/outbound config:

  ```ts
  ingress: [],
  egress: [
    { protocol: 'tcp', fromPort: 443, toPort: 443, cidrBlocks: ['0.0.0.0/0'] },
  ],
  ```

- VPC endpoints security group with inbound/outbound config:

  ```ts
  ingress: [
    {
      protocol: 'tcp',
      fromPort: 443,
      toPort: 443,
      cidrBlocks: [vpcOutput.vpc.cidrBlock],
    },
  ],
  egress: [
    { protocol: '-1', fromPort: 0, toPort: 0, cidrBlocks: ['0.0.0.0/0'] },
  ],
  ```
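The proposed split next to the current shared group, with a small policy check that flags why the shared group is too permissive for an SSM-managed instance. This is an added example, not Ec2SSMConnect code; `VPC_CIDR` is a constructed stand-in for `vpcOutput.vpc.cidrBlock`, and the rule objects mirror the ingress/egress shape of Pulumi's `aws.ec2.SecurityGroup` without importing Pulumi, so the block runs stand-alone.

```typescript
// Added example: policy check for the security-group split proposed above.
// Rule/SgArgs mirror the ingress/egress entries of Pulumi's aws.ec2.SecurityGroup
// so the objects could be passed through unchanged; no Pulumi import is needed here.
type Rule = { protocol: string; fromPort: number; toPort: number; cidrBlocks: string[] };
type SgArgs = { ingress: Rule[]; egress: Rule[] };

const VPC_CIDR = '10.0.0.0/16'; // constructed stand-in for vpcOutput.vpc.cidrBlock
const ANY = '0.0.0.0/0';
const tcp = (port: number, cidr: string): Rule =>
  ({ protocol: 'tcp', fromPort: port, toPort: port, cidrBlocks: [cidr] });
const allEgress: Rule = { protocol: '-1', fromPort: 0, toPort: 0, cidrBlocks: [ANY] };

// "Before": the single group currently shared by the instance and the endpoints.
const sharedSg: SgArgs = { ingress: [tcp(22, VPC_CIDR), tcp(443, VPC_CIDR)], egress: [allEgress] };
// "After": the two groups the issue asks for.
const instanceSg: SgArgs = { ingress: [], egress: [tcp(443, ANY)] };
const endpointSg: SgArgs = { ingress: [tcp(443, VPC_CIDR)], egress: [allEgress] };

// True when a rule admits the given TCP port ('-1' means all protocols and ports).
function admitsTcp(r: Rule, port: number): boolean {
  return r.protocol === '-1' || (r.protocol === 'tcp' && r.fromPort <= port && port <= r.toPort);
}

// Findings for the group on an SSM-managed instance: Session Manager works over an
// outbound 443 connection to the SSM endpoints, so no inbound rule is justified.
function instanceFindings(sg: SgArgs): string[] {
  const out = sg.ingress.map(r =>
    admitsTcp(r, 22) ? 'inbound SSH (22) allowed; SSM does not need it'
                     : `unexpected inbound rule ${r.protocol}/${r.fromPort}-${r.toPort}`);
  if (!sg.egress.some(r => admitsTcp(r, 443))) out.push('no outbound 443 to reach SSM endpoints');
  return out;
}

// Findings for the group on the interface endpoints: only 443, only from inside the VPC.
function endpointFindings(sg: SgArgs, vpcCidr: string): string[] {
  const out: string[] = [];
  for (const r of sg.ingress) {
    if (!(r.protocol === 'tcp' && r.fromPort === 443 && r.toPort === 443))
      out.push(`non-443 inbound rule ${r.protocol}/${r.fromPort}-${r.toPort}`);
    for (const c of r.cidrBlocks)
      if (c !== vpcCidr) out.push(`inbound from ${c}, expected ${vpcCidr}`);
  }
  return out;
}

// Sanity run: the shared group fails the instance check, the split groups pass.
console.log(instanceFindings(sharedSg), instanceFindings(instanceSg), endpointFindings(endpointSg, VPC_CIDR));
```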