Bug Fix: Block IMDS in branch ENIs #4484

Merged
merged 2 commits into from
Jan 30, 2025

JoseVillalta
Contributor

Summary

This PR fixes an issue in warmpool branch ENIs. Tasks running on trunk ENIs in awsvpc mode need to block access to the IMDS endpoint to be consistent with existing awsvpc behaviour.

Implementation details

Populate the BlockIMDS attribute in VPCBranchENIConfig when we create branch ENIs. This attribute is a config parameter for the CNI plugin that configures VPC branch ENIs.

Testing

  • Tested on Fargate warmpool instances with trunk ENIs using gamma endpoint.
    (See internal document for details)
  • make test

New tests cover the changes:
No, we have end-to-end tests in Fargate Agent that validate this behavior.

Description for the changelog

Bug: Fixed issue in Fargate Trunk ENIs in non-firecracker platforms. This change blocks IMDS in awsvpc task network namespace.

Additional Information

Does this PR include breaking model changes? If so, have you added transformation functions?

No

Does this PR include the addition of new environment variables in the README?

Licensing

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@JoseVillalta merged commit b944027 into aws:dev Jan 30, 2025
40 checks passed