terraform-provider-aviatrix

Add option to deploy to Private Subnets for VPN Gateways when using NLB with AWS

Open Merlz opened this issue 4 years ago • 1 comments

When deploying an LB for VPN Gateways, there is no need to deploy the gateways to public subnets; it goes against best practices when using Load Balancers, since they should be the only public-facing infrastructure and forward to internal subnets.

As another option, if using the UDP protocol and NLB with Global Accelerator, then the NLB can be in private subnets as well to keep it completely internal on AWS Networks and reduce the attack surface even further.

Merlz, Sep 02 '20 16:09