Remove the default security group from the AGC generated VPC

[markjschreiber]

Description

The AGC generated VPC will have a default security group (like most basic VPCs) but I doubt we need it and removing it is a better security posture.

Use Case

Rule: securityhub-vpc-default-security-group-closed-8f0adf3f Summary of Rule: Checks whether the default security group for VPC is closed.

Proposed Solution

Remove (or don't create) the default SG in CDK.