copilot-cli
Set `ReadonlyRootFilesystem` to `true` by default in manifest files
Ask
To comply with Security Hub's recommendation of [ECS.5] ECS containers should be limited to read-only access to root filesystems, Copilot should consider generating default manifest files with the following field already populated:
```yaml
name: my-service
storage:
  readonly_root_fs: true
```
This way existing deployed services won't break, but newer services will comply with ECS.5 by enabling `ReadonlyRootFilesystem: true` in the CloudFormation template.
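
As an added example (not part of the original issue and not Copilot's own code), a static check that lists the containers in a generated CloudFormation template that would still fail ECS.5. It assumes the template is in JSON form; the function name, sample template, and resource names are constructed for illustration.

```python
import json

# Constructed sample: minimal CloudFormation template in JSON form. Resource
# and container names are made up for illustration.
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "LegacyTaskDef": {
            "Type": "AWS::ECS::TaskDefinition",
            "Properties": {"ContainerDefinitions": [
                {"Name": "web", "Image": "example/web:1"},
                {"Name": "proxy", "ReadonlyRootFilesystem": True},
            ]},
        },
        "NewTaskDef": {
            "Type": "AWS::ECS::TaskDefinition",
            "Properties": {"ContainerDefinitions": [
                {"Name": "api", "ReadonlyRootFilesystem": True},
            ]},
        },
        "Bucket": {"Type": "AWS::S3::Bucket"},
    }
})


def find_writable_root_containers(template_text):
    """Return sorted (resource, container) pairs that would fail ECS.5.

    Only the literal boolean true passes. A missing key, false, or a value
    that cannot be confirmed statically (e.g. an intrinsic) is reported.
    """
    findings = []
    resources = json.loads(template_text).get("Resources", {})
    for logical_id, resource in resources.items():
        if resource.get("Type") != "AWS::ECS::TaskDefinition":
            continue
        containers = resource.get("Properties", {}).get("ContainerDefinitions", [])
        if not isinstance(containers, list):  # e.g. built by an intrinsic
            findings.append((logical_id, "<unresolved ContainerDefinitions>"))
            continue
        for index, container in enumerate(containers):
            if container.get("ReadonlyRootFilesystem") is not True:
                name = container.get("Name", f"<container {index}>")
                findings.append((logical_id, str(name)))
    return sorted(findings)


if __name__ == "__main__":
    for logical_id, name in find_writable_root_containers(SAMPLE_TEMPLATE):
        print(f"ECS.5: {logical_id}/{name} has a writable root filesystem")
```

Run against the template of an already deployed service, this shows which containers need a writable volume mounted before the read-only setting can be switched on without breaking them.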