ec2_group: add rule description support - fixes #29040 (#30273)

* ec2_group: add support for rule descriptions.

* Document rule description feature and add an example using it.

* Fix removing rule descriptions.

* Add integration tests to verify adding/modifying/removing rule descriptions works as expected.

* Add permissions to hacking/aws_config/testing_policies/ec2-policy.json for updating ingress and egress rule descriptions.

* ec2_group: add backwards compatibility with older versions of botocore for rule descriptions.

* Add compatibility with older version of botocore for ec2_group integration tests.

* ec2_group: move HAS_RULE_DESCRIPTION to be checked first.

* Make requested change

* Pass around a variable instead of client

* Make sure has_rule_description defaults to None

* Fail if rule_desc is in any ingress/egress rules and the the botocore version < 1.7.2

* Remove unnecessary variable

* Fix indentation for changed=True when updating rule descriptions.

* minor refactor to remove duplicate code

* add missing parameter

* Fix pep8

* Update test policy.

hacking/aws_config/testing_policies/ec2-policy.json

@@ -25,6 +25,7 @@
                 "ec2:DeleteNatGateway",
                 "ec2:DeleteSnapshot",
                 "ec2:DeleteSubnet",
+                "ec2:DeleteTags",
                 "ec2:DeleteVpc",
                 "ec2:DeregisterImage",
                 "ec2:Describe*",
@@ -51,7 +52,9 @@
                 "ec2:RevokeSecurityGroupEgress",
                 "ec2:RevokeSecurityGroupIngress",
                 "ec2:RunInstances",
-                "ec2:TerminateInstances"
+                "ec2:TerminateInstances",
+                "ec2:UpdateSecurityGroupRuleDescriptionsIngress",
+                "ec2:UpdateSecurityGroupRuleDescriptionsEgress"
             ],
             "Resource": [
                 "arn:aws:ec2:{{aws_region}}::image/*",