PLT-1625 Service Connect

[mianava]

🎫 Ticket

https://jira.cms.gov/browse/...

🛠 Changes

This PR extends the ECS service module to optionally support ECS Service Connect for mTLS between services, and ALB integration via an externally-provided HTTPS listener ARN. Both features are fully opt-in and should be non-breaking.

What is required change for the subscriber repo to upgrade to this version?

1. dynamic "load_balancer" block now uses a single conditional block driven by local.enable_alb_integration rather than iterating over an external var.load_balancers list, var.load_balancers remains supported during transition
2. service_name_override is retained; local.service_name resolves to var.service_name_override ?? var.platform.service, and local.service_name_full is used for all resource naming

How is ECS service connect configured?

1. Added enable_ecs_service_connect flag (default: false)
2. Added service_connect_namespace — Cloud Map namespace ARN, must be pre-associated with the ECS cluster
3. Added service_connect_port_name — selects which named port mapping to expose via the Service
4. Connect sidecar proxy; defaults to the first named port in port_mappings when only one is present
5. Service Connect DNS name resolves to local.service_name within the namespace, enabling other services to call this one without hardcoded IPs or manual DNS construction

Some features were added to accommodate existing repository configurations and adoption of the common module.

ℹ️ Context

These changes are made to support mTLS

🧪 Validation

[mianava]

Refine this resources block for which ssm parameters are accessible to this function