Support for attaching VPC Subnets to network interfaces #9580
Description
This covers adding private VPC Subnet objects to an instance by attaching them to their primary NetworkInterface object. We'll need to add a column to the network_interface table indicating that the subnet is attached to an instance (probably a nullable instance ID column); and then exclude the VPC Subnet when trying to create any other NICs in it. That is, you can use the VPC Subnet for VPC-private address allocation XOR as an attached subnet.
We'll also need to update the InstanceNetworkInterfaceCreate parameter type, and add these subnets to the API view of the NIC and the data passed to the sled-agent. The sled-agent will simply allow traffic in / out to that CIDR block, as we do with transit_ips today.
We also need to include these attached subnets in the VPC's System Router, which will ultimately propagate those routes to the OPTE instances that need them through the existing VPC route-management background task.