arkime / aws-aio


Ensure Mirror Routing can handle complex VPC CIDRs #72

Closed chelma closed 1 year ago

chelma commented 1 year ago

Description

Per discussion in PR https://github.com/arkime/aws-aio/pull/71, it turns out it's possible to have complex CIDRs composed of several disjoint ranges if you add additional ranges post-creation [1][2]. We should ensure that the mirror routing created by add-vpc can handle these compound ranges.

Follow-up task to https://github.com/arkime/aws-aio/issues/66

[1] https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html
[2] https://docs.aws.amazon.com/vpc/latest/userguide/modify-vpcs.html#add-ipv4-cidr

Acceptance Criteria

chelma commented 1 year ago

It turns out it's not possible to set up a multi-CIDR VPC via CloudFormation/CDK; you can only do the initial CIDR block during creation and a separate API call is required post-creation to add additional CIDR blocks. Therefore, the first AC was not performed.

However, I was able to confirm that add-vpc now correctly handles multi-CIDR VPCs using manual testing (see the PR). It should be noted that there's a cap on the number of Traffic Mirror Filter rules (10) per Filter, which means without getting creative our User VPCs can only have 4 CIDR blocks associated with them (otherwise the CloudFormation deployment should fail).

Resolving task.
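As an added example (not code from the aws-aio project): a pre-flight check in Python that reads a VPC's CidrBlockAssociationSet (the shape returned by EC2 describe_vpcs), keeps only ranges in the "associated" state, merges adjacent ranges, and tests the result against the 10-rule Traffic Mirror Filter cap before a deployment is attempted. The "2 rules per CIDR plus 2 fixed rules" constants are assumptions chosen to match the 4-block figure stated above, and the sample VPC is constructed.

```python
# Pre-flight check for the per-filter rule cap discussed in this issue.
# Constants marked "assumption" are not from the project; adjust to its rule layout.
import ipaddress
from typing import Dict, List, Tuple

MAX_RULES_PER_FILTER = 10   # AWS quota cited in the issue
RULES_PER_CIDR = 2          # assumption: one inbound + one outbound rule per range
FIXED_RULES = 2             # assumption: rules needed regardless of CIDR count

# Constructed sample, shaped like one entry of ec2.describe_vpcs()["Vpcs"].
SAMPLE_VPC = {
    "VpcId": "vpc-0example",
    "CidrBlock": "10.0.0.0/16",
    "CidrBlockAssociationSet": [
        {"CidrBlock": "10.0.0.0/16", "CidrBlockState": {"State": "associated"}},
        {"CidrBlock": "10.1.0.0/24", "CidrBlockState": {"State": "associated"}},
        {"CidrBlock": "10.1.1.0/24", "CidrBlockState": {"State": "associated"}},
        {"CidrBlock": "172.16.0.0/20", "CidrBlockState": {"State": "associated"}},
        {"CidrBlock": "192.168.0.0/24", "CidrBlockState": {"State": "disassociated"}},
    ],
}


def associated_cidrs(vpc: Dict) -> List[ipaddress.IPv4Network]:
    """Every IPv4 range currently attached to the VPC, not just the primary CidrBlock."""
    return [
        ipaddress.ip_network(assoc["CidrBlock"])
        for assoc in vpc.get("CidrBlockAssociationSet", [])
        if assoc["CidrBlockState"]["State"] == "associated"
    ]


def minimal_ranges(cidrs: List[ipaddress.IPv4Network]) -> List[ipaddress.IPv4Network]:
    """Merge adjacent or overlapping ranges so each mirror rule covers as much as possible."""
    return list(ipaddress.collapse_addresses(cidrs))


def check_vpc(vpc: Dict) -> Tuple[bool, int, List[str]]:
    """Return (fits_in_one_filter, rules_needed, ranges) so a deploy can fail fast."""
    ranges = minimal_ranges(associated_cidrs(vpc))
    needed = FIXED_RULES + RULES_PER_CIDR * len(ranges)
    return needed <= MAX_RULES_PER_FILTER, needed, [str(r) for r in ranges]


if __name__ == "__main__":
    ok, needed, ranges = check_vpc(SAMPLE_VPC)
    print(f"{SAMPLE_VPC['VpcId']}: {len(ranges)} ranges -> {needed} rules, fits={ok}")
```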