@sundargthb

  • Add --vpc, --subnets, and --security-groups flags to configure command
  • Implement VPC resource validation (same VPC, supported AZs)
  • Auto-create service-linked role for VPC networking
  • Add network immutability checks to prevent config changes
  • Update status command to display VPC configuration

Description

Implements VPC networking support for the AgentCore Runtime Toolkit, enabling agents to securely access private resources within customer VPCs.

  • CLI flags for VPC configuration (--vpc, --subnets, --security-groups)
  • VPC resource validation (same VPC requirement, supported AZ checks)
  • Automatic service-linked role creation (AWSServiceRoleForBedrockAgentCoreNetwork)
  • Network configuration immutability enforcement
  • Status command VPC display
  • Comprehensive validation utilities

Testing

Tested with production VPC setup:

  • Private subnets in usw2-az1, usw2-az2
  • NAT Gateway for internet access
  • Security groups with HTTPS egress
  • Successful agent invocations
  • ENI creation in correct subnets
  • CloudWatch logs working

Test Commands

# Configure with VPC
agentcore configure \
  --entrypoint my_agent.py \
  --vpc \
  --subnets subnet-xxx,subnet-yyy \
  --security-groups sg-zzz

# Launch and verify
agentcore launch
agentcore status  # Should show VPC mode
agentcore invoke '{"prompt": "test"}'

# Verify ENIs created
aws ec2 describe-network-interfaces \
  --filters "Name=subnet-id,Values=subnet-xxx,subnet-yyy"

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • [x] New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Performance improvement
  • Code refactoring

Testing

  • [x] Unit tests pass locally
  • [x] Integration tests pass (if applicable)
  • [x] Test coverage remains above 80%
  • [x] Manual testing completed

Checklist

  • [x] My code follows the project's style guidelines (ruff/pre-commit)
  • [x] I have performed a self-review of my own code
  • [x] I have commented my code, particularly in hard-to-understand areas
  • [x] I have made corresponding changes to the documentation
  • [x] My changes generate no new warnings
  • [x] I have added tests that prove my fix is effective or that my feature works
  • [x] New and existing unit tests pass locally with my changes
  • [x] Any dependent changes have been merged and published

Security Checklist

  • [x] No hardcoded secrets or credentials
  • [x] No new security warnings from bandit
  • [x] Dependencies are from trusted sources
  • [x] No sensitive data logged

Breaking Changes

None - VPC is opt-in via flags, existing PUBLIC mode unchanged.

N/A

Additional Notes

Add any additional notes or context about the PR here.
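
Added example, not code from this PR or from the toolkit: one way to express the same-VPC and supported-AZ checks listed in the description, run over constructed EC2 describe_subnets / describe_security_groups output. The function name, sample IDs and the supported-AZ set (the two AZ IDs from the test setup above, not the service's actual list) are assumptions.

```python
# Added example: validation over EC2 describe_* output. Function and sample
# names are hypothetical; the supported-AZ set is an assumption.

def validate_vpc_config(subnets, security_groups, subnet_ids, sg_ids, supported_az_ids):
    """Return a list of problems; an empty list means the config passes.

    subnets / security_groups: the "Subnets" / "SecurityGroups" lists from
    EC2 describe_subnets / describe_security_groups responses.
    """
    by_subnet = {s["SubnetId"]: s for s in subnets}
    by_sg = {g["GroupId"]: g for g in security_groups}
    errors = [f"{i}: not found" for i in subnet_ids if i not in by_subnet]
    errors += [f"{i}: not found" for i in sg_ids if i not in by_sg]

    chosen_subnets = [by_subnet[i] for i in subnet_ids if i in by_subnet]
    chosen_sgs = [by_sg[i] for i in sg_ids if i in by_sg]

    # Same-VPC requirement: every subnet and security group in one VPC.
    vpcs = {s["VpcId"] for s in chosen_subnets}
    if len(vpcs) > 1:
        errors.append(f"subnets span multiple VPCs: {sorted(vpcs)}")
    for g in chosen_sgs:
        if vpcs and g["VpcId"] not in vpcs:
            errors.append(f"{g['GroupId']}: in {g['VpcId']}, not the subnets' VPC")

    # Supported-AZ check uses AZ IDs (usw2-az1), which are stable across
    # accounts, rather than AZ names (us-west-2a), which are not.
    for s in chosen_subnets:
        if s["AvailabilityZoneId"] not in supported_az_ids:
            errors.append(f"{s['SubnetId']}: unsupported AZ {s['AvailabilityZoneId']}")
    return errors


# Constructed sample data shaped like the EC2 API responses.
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-aaa", "VpcId": "vpc-111", "AvailabilityZoneId": "usw2-az1"},
    {"SubnetId": "subnet-bbb", "VpcId": "vpc-111", "AvailabilityZoneId": "usw2-az2"},
    {"SubnetId": "subnet-ccc", "VpcId": "vpc-222", "AvailabilityZoneId": "usw2-az4"},
]
SAMPLE_SGS = [
    {"GroupId": "sg-aaa", "VpcId": "vpc-111"},
    {"GroupId": "sg-ccc", "VpcId": "vpc-222"},
]
SAMPLE_SUPPORTED_AZ_IDS = {"usw2-az1", "usw2-az2"}  # assumption, see lead-in

if __name__ == "__main__":
    for problem in validate_vpc_config(SAMPLE_SUBNETS, SAMPLE_SGS,
                                       ["subnet-aaa", "subnet-ccc"], ["sg-aaa"],
                                       SAMPLE_SUPPORTED_AZ_IDS):
        print(problem)
```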
