awslabs / idf-modules

Industry Data Framework (IDF) IAC modules repository
Apache License 2.0

[FEATURE] Support PUBLIC_AND_PRIVATE and Public CIDR Range Filters for EKS Module #193

Open a13zen opened 1 week ago

a13zen commented 1 week ago

Is your feature request related to a problem? Please describe.

As an enterprise user, I would like to:

  1. Have my worker nodes' communication stay within my VPC
  2. Have the ability to filter the CIDR ranges that are allowed to connect to my EKS API Endpoint

Describe the solution you'd like

The current EKS module allows either a private or a public API endpoint.

  1. Add support for specifying PUBLIC_AND_PRIVATE as the target for the EndpointAccess Config
  2. Add support for specifying multiple whitelists of CIDR ranges (stored in multiple SSM parameters) and potentially CIDRs from the public amazon ranges (https://docs.aws.amazon.com/vpc/latest/userguide/aws-ip-ranges.html). Concatenate these lists of CIDRs and add them to the EndpointAccess object via the only_from function (https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_eks/EndpointAccess.html#aws_cdk.aws_eks.EndpointAccess)

Describe alternatives you've considered

Creating a separate module that configures/locks down API network access. But this means the cluster will always be configured first with public access and then switched to limited access.

Additional context

Customers running GuardDuty detect malicious access attempts from IP scanners that attempt to use guest/unauthenticated/anonymous credentials for accessing the EKS API. In order to limit the ability of scanners to invoke the API, filtering based on whitelisted CIDRs is a simple and effective solution.

Switching purely to private endpoints has many knock-on effects. For instance, it forced all seedfarmer modules that invoke kubectl to run within the VPC. It also requires all custom resources created by CDK to apply manifests to be run within the VPC. Finally, it also requires either Cloud9 or a Bastion host to interact with the EKS API.
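The CIDR-concatenation step proposed in the solution above, as an added example that is not part of the idf-modules code base: the SSM parameter names, their values and the ip-ranges.json entries are constructed stand-ins (real values would come from boto3 `get_parameter` calls and the published AWS feed), and the helpers validate every entry before it reaches `EndpointAccess.PUBLIC_AND_PRIVATE.only_from`, so a malformed or wide-open CIDR fails the deployment instead of silently widening API access.

```python
import ipaddress
from typing import Dict, Iterable, List

# Constructed sample data: stands in for values that would be read from SSM
# parameters (e.g. boto3 ssm.get_parameter) and from the AWS ip-ranges.json feed.
SSM_ALLOWLISTS: Dict[str, str] = {
    "/idf/eks/api-allowlist/office": "203.0.113.0/24, 198.51.100.0/25",
    "/idf/eks/api-allowlist/ci": "198.51.100.0/25,192.0.2.0/24",  # overlaps with office
}
AWS_IP_RANGES = {"prefixes": [
    {"ip_prefix": "198.18.0.0/22", "region": "eu-west-1", "service": "AMAZON"},
    {"ip_prefix": "198.18.4.0/22", "region": "us-east-1", "service": "AMAZON"},
    {"ip_prefix": "198.18.8.0/22", "region": "eu-west-1", "service": "EC2"},
]}


def parse_cidr_list(raw: str) -> List[str]:
    """Parse one SSM parameter value (comma-separated CIDRs), rejecting bad entries."""
    cidrs = []
    for item in raw.split(","):
        item = item.strip()
        if not item:
            continue
        net = ipaddress.ip_network(item, strict=True)  # ValueError if host bits are set
        if net.prefixlen == 0:
            raise ValueError(f"{item} allows every source address; refusing")
        cidrs.append(str(net))
    return cidrs


def aws_service_cidrs(ip_ranges: dict, region: str, service: str = "AMAZON") -> List[str]:
    """Select prefixes from the ip-ranges.json structure for one region and service."""
    return [p["ip_prefix"] for p in ip_ranges["prefixes"]
            if p["region"] == region and p["service"] == service]


def build_allowlist(ssm_values: Dict[str, str], ip_ranges: dict, region: str) -> List[str]:
    """Concatenate all sources, drop duplicates and return a stable, sorted list (IPv4 only here)."""
    merged = set()
    for value in ssm_values.values():
        merged.update(parse_cidr_list(value))
    merged.update(aws_service_cidrs(ip_ranges, region))
    return [str(n) for n in sorted(ipaddress.ip_network(c) for c in merged)]


def endpoint_access(cidrs: Iterable[str]):
    """Wire the allowlist into the CDK EndpointAccess object (needs aws-cdk-lib installed)."""
    from aws_cdk import aws_eks as eks  # imported here so the helpers above run without CDK
    return eks.EndpointAccess.PUBLIC_AND_PRIVATE.only_from(*cidrs)
```

`build_allowlist(SSM_ALLOWLISTS, AWS_IP_RANGES, "eu-west-1")` yields the four deduplicated prefixes; pass that list to `endpoint_access` when constructing the cluster.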