Allow default_security_group to have no rules
The current implementation of the aws_default_security_group
uses dynamic blocks for both ingress and egress rules. If no
rules are passed in, then no dynamic blocks are generated,
and no pre-existing rules are changed. In order to implement the
CIS benchmark of no rules, the aws_default_security_group
resource needs to be created passing empty lists as ingress
and egress rules.

This commit updates the default ingress/egress rules to be
those AWS uses when it initially created the default SG.
It then sets the boolean local.empty_default_security_group
if both ingress and egress rules passed in are empty lists.
Finally it conditionally creates empty aws_default_security_group
resource if local.empty_default_security_group is true. If
local.empty_default_security_group is false, the original
aws_default_security_group resource is utilized.
Britt Houser authored and Britt Houser committed Sep 30, 2024
1 parent e226cc1 commit 722e54a
Showing 3 changed files with 64 additions and 24 deletions.
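The pattern the commit message describes, written out as an added Terraform example (this is illustration code for this page, not the module's own diff): two `aws_default_security_group` resources guarded by `count`, switched by a boolean local that is true only when both rule lists are empty. The variable names, the `vpc_id` input and the provider behaviour noted in the comments are assumptions; the default rule values mirror what AWS attaches to a newly created default security group (all traffic from the group itself inbound, all traffic outbound).

```hcl
# Added example, not the project's code. Assumes an AWS provider version in
# which omitting ingress/egress on aws_default_security_group leaves the
# existing rules untouched, while an explicit empty list removes them.

variable "vpc_id" {
  description = "VPC whose default security group is managed (assumed input)"
  type        = string
}

# Defaults reproduce the rules AWS creates on a fresh default SG, so that a
# caller who does not override them gets AWS's own starting state.
variable "default_security_group_ingress" {
  description = "Ingress rules; pass [] to request the CIS 'no rules' state"
  type        = list(any)
  default = [
    { protocol = "-1", from_port = 0, to_port = 0, self = true }
  ]
}

variable "default_security_group_egress" {
  description = "Egress rules; pass [] to request the CIS 'no rules' state"
  type        = list(any)
  default = [
    { protocol = "-1", from_port = 0, to_port = 0, cidr_blocks = ["0.0.0.0/0"] }
  ]
}

locals {
  # The CIS "no rules" resource is used only when BOTH lists are empty.
  empty_default_security_group = (
    length(var.default_security_group_ingress) == 0 &&
    length(var.default_security_group_egress) == 0
  )
}

# Normal case: manage the default SG with the rules that were supplied.
# With empty lists this resource would render no blocks and therefore would
# not remove anything, which is exactly the gap the second resource closes.
resource "aws_default_security_group" "this" {
  count  = local.empty_default_security_group ? 0 : 1
  vpc_id = var.vpc_id

  dynamic "ingress" {
    for_each = var.default_security_group_ingress
    content {
      protocol    = ingress.value.protocol
      from_port   = ingress.value.from_port
      to_port     = ingress.value.to_port
      self        = try(ingress.value.self, null)
      cidr_blocks = try(ingress.value.cidr_blocks, null)
    }
  }

  dynamic "egress" {
    for_each = var.default_security_group_egress
    content {
      protocol    = egress.value.protocol
      from_port   = egress.value.from_port
      to_port     = egress.value.to_port
      self        = try(egress.value.self, null)
      cidr_blocks = try(egress.value.cidr_blocks, null)
    }
  }
}

# CIS case: explicit empty lists (attribute-as-block syntax) tell the
# provider to strip every ingress and egress rule from the default SG.
resource "aws_default_security_group" "empty" {
  count   = local.empty_default_security_group ? 1 : 0
  vpc_id  = var.vpc_id
  ingress = []
  egress  = []
}

# Whichever variant was created, expose its id to callers.
output "default_security_group_id" {
  value = one(concat(
    aws_default_security_group.this[*].id,
    aws_default_security_group.empty[*].id,
  ))
}
```

To request the benchmark state, set both `default_security_group_ingress = []` and `default_security_group_egress = []`; the plan should then show the existing default rules being removed. Flipping the boolean later replaces one resource with the other, and because destroying an `aws_default_security_group` only drops it from state (the group itself cannot be deleted), the rules present at that moment remain until the newly created resource reconciles them, so review that plan rather than auto-approving it.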