[feature] Add ECS modules

[mbarrien]

Summary

Adds ECS service (public facing with a frontend) and ECS job (internal headless applications) modules to the public cztack repo, with separate modules for Fargate and non-Fargate jobs.

Changes relative to internal repo:

• Uses aws_lb_* resources instead of aws_alb_* resources
• Separate modules for fargate and EC2 jobs. EC2 tasks default to host networking and the host's security group, but we add support for awsvpc networking that assigns an ENI with its own security group to the task (Fargate always has this.)
• Variable names do not have fargate_* prefix since module is Fargate-specific.
• We now have a variable called manage_task_definitions instead of relying on a non-empty/non-null task_definition variable. This gets rid of the problem with "count cannot be determined from compute value" errors, but now requires the user to properly specify manage_task_definitions for their use case.
• Supports source security groups for the ingress LB. This will allow us to limit services by security group instead of just CIDR blocks, which is useful when you have a service that only should ever talk to a single upstream service (e.g. a proxy)
• Adds AWS tags to the ECS service and task definitions.

[ryanking]

• Separate modules for fargate and EC2 jobs (note that although theoretically possible, ECS EC2 module does not support

?

[mbarrien]

Fixed PR description

[mbarrien]

Added untested support for awsvpc networking for non-Fargate jobs, via var.awsvpc_network_mode flag. Also added secrets manager for Docker image fetching. Note that using that flag also means that jobs using czecs would need to add networkMode and/or execution role to the definition.