detection_evasion: fixed filter pattern for instance profile usage

[andrew-kline]

There is a misconfiguration in the filter pattern for the instance_profile_abnormal_usage metric filter. The IP -> assumed role for the easy path is currently source_ip == easy_instance_ip && useridentity.arn == hard_path.name, which means that usage of the easy_path instance role outside of the instance will not trigger an alert. This PR adjusts the filter to source_ip == easy_instance_ip && useridentity.arn == easy_path.name.