Allow users to bring your own VPC

GRIT currently provisions the AWS VPC for the user with minimal customization (a CIDR can be specified).

This is super cool and may work for a beta phase with some tweaks, but for dedicated customers, as @andrewn points out here: https://gitlab.com/gitlab-com/gl-infra/gitlab-dedicated/team/-/issues/2825#note_1559263756

> I definitely agree that it would be better to leave VPC setup up to the caller (i.e., us). Every customer will have a different requirement here: better that [the caller] provide the network.

This became evident when I looked at the various features you'd need to enable to allow us to tweak things like security group rules and such - the number of variables would greatly expand to cover all use cases and would require us to go back and forth every time we needed additional compliance-related features.

The better solution would be to allow the caller of the GRIT module to be able to pass a VPC ID for GRIT to deploy to. This could be a VPC that meets certain requirements of course (subnet configuration, certain security group rules, etc.) but would allow us to more easily build in those compliance requirements. We could also provide whatever additional information from the VPC and its associated configurations you might need to deploy GRIT.

Edited by Andy Knight