[cloud] fix VPC behavior for ec2_group module, improve integration tests (#27038)

* Add tests for group in a VPC

* Improve ec2_group output and documentation

Update ec2_group to provide full security group information
Add RETURN documentation to match

* Fix ec2_group creation within a VPC

Ensure VPC ID gets passed when creating security group

* Add test for auto creating SG

* Fix ec2_group auto group creation

* Add backoff to describe_security_groups

Getting LimitExceeded from describe_security_groups is definitely
possible (source: me) so add backoff to increase likelihood of
success.

To ensure that all `describe_security_group` calls are backed off,
remove implicit ones that use `ec2.SecurityGroup`. From there,
the decision to remove the `ec2` boto3 resource and rely on the client
alone makes good sense.

* Tidy up auto created security group

Add resource_prefix to auto created security group and delete
it in the `always` section.
Use YAML argument form for all module parameters

hacking/aws_config/testing_policies/ec2-policy.json

@@ -20,6 +20,7 @@
                 "ec2:CreateVpc",
                 "ec2:DeleteKeyPair",
                 "ec2:DeleteNatGateway",
+                "ec2:DeleteVpc",
                 "ec2:Describe*",
                 "ec2:DisassociateAddress",
                 "ec2:DisassociateRouteTable",