Asg root device encryption

[qrilka]

Please include the following in your PR:

Please also note that these are not hard requirements, but merely serve to define what maintainers are looking for in PR's. Including these will more likely lead to your PR being reviewed and accepted.

• [x] Update the changelog
• [X] Make sure that modules and files are documented. This can be done inside the module and files.
• [X] Make sure that the linting passes on CI.
• [ ] Make sure that there is an up to date example for your code:
  • For new modules this would entail example code for how to use the module or some explanation in the module readme.
  • For new examples please provide a README explaining how to run the example. It's also ideal to provide a basic makefile to use the example as well.
• [ ] Make sure that there is a manual CI trigger that can test the deployment.

This follows #283 adding root encryption.

[qrilka]

Sample plan:

      ~ root_block_device {
            delete_on_termination = true
          ~ encrypted             = false -> true # forces replacement
          ~ iops                  = 0 -> (known after apply)
            volume_size           = 40
            volume_type           = "gp2"
        }

And AWS console shows root device as encrypted

[ketzacoatl]

Seems like we should also update the asg module's README.md - https://github.com/fpco/terraform-aws-foundation/blob/asg-root-device-encryption/modules/asg/README.md

[qrilka]

But we don't list all the available options - do we really need to say about root device encryption when we don't even say that we support root device size and type?

[qrilka]

@ketzacoatl I've rebased this PR onto #283 and updated README so that one should be merged first