pulumi-command

Support AWS SSM and EC2 instance connect endpoint for remote commands

Open flostadler opened this issue 1 year ago • 0 comments

Right now you can only connect to an EC2 instance using pulumi-command if:

  • VPC has internet gateway
  • EC2 instance is in public subnet
  • key-pair access is enabled (this is disabled in a lot of organizations because it's not easily auditable)
  • Security Groups allow internet ingress on SSH port (also forbidden in a lot of organizations)

AWS provides two services that let you connect to EC2 instances that cannot meet the requirements above:

  • AWS SSM
  • EC2 instance connect endpoint

By extending pulumi-command to support establishing remote connections via those two methods we can offer customers more secure, auditable access to their EC2 instances as well as enable them to use pulumi-command in secured environments that do not permit regular SSH access.

flostadler, May 16 '24 15:05