Add a provider implementation for EC2 to support port exposing

Bug #767420 reported by Jim Baker
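=======  ============  ==========  ===========  =========
Affects  Status        Importance  Assigned to  Milestone
=======  ============  ==========  ===========  =========
pyjuju   Fix Released  Medium      Jim Baker
=======  ============  ==========  ===========  =========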

Bug Description

Prior to the launch of a new machine instance, a unique EC2 security
group is added. The machine instance is then assigned to this group at
launch. Likewise, terminating the machine will result in the EC2 provider
deleting the security group for the machine.

Given this model of a security group per machine, with one service
unit per machine, exposing and unexposing ports for a service unit
corresponds to EC2's support for authorization and revocation of ports
per security group. In particular, EC2 supports a source address of
``0.0.0.0/0`` that corresponds to exposing the port to the world.

To make this concrete, consider the example of exposing the
``my-wordpress`` service. Once the command ``open-port 80`` has been
run on a given service unit of ``my-wordpress``, then for the
corresponding machine instance, the equivalent of this EC2 command is
run::

    ec2-authorize $MACHINE_SECURITY_GROUP -P tcp -p 80 -s 0.0.0.0/0

Any additional service units of ``my-wordpress``, if they run
``open-port 80``, will likewise invoke the equivalent of the above
command, for the corresponding machine security groups.

If ``my-wordpress`` is unexposed, a ``my-wordpress`` service unit is
removed, the ``my-wordpress`` service is destroyed, or the
``close-port`` command is run for a service unit, then the equivalent
of the following EC2 command is run, for all applicable machines::

    ec2-revoke $MACHINE_SECURITY_GROUP -P tcp -p 80 -s 0.0.0.0/0

Although this section showed the equivalent EC2 commands for
simplicity, txaws will be used for the actual implementation.
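
The per-machine authorize/revoke model described above can be sketched as a reconciliation step. This is an added example, not code from the bug report, juju or txaws. ``FakeEC2``, ``desired_rules`` and ``reconcile`` are hypothetical names, and the example assumes that a ``0.0.0.0/0`` rule should exist only while the service is exposed and the unit has the port open, and that rules with other source addresses are left untouched.

```python
# Added illustration: an in-memory model, not juju or txaws code.
WORLD = "0.0.0.0/0"


class FakeEC2:
    """Constructed stand-in for the EC2 security-group API; records calls."""

    def __init__(self):
        self.rules = {}   # group name -> set of (protocol, port, cidr)
        self.calls = []   # audit trail of authorize/revoke operations

    def authorize(self, group, proto, port, cidr):
        self.rules.setdefault(group, set()).add((proto, port, cidr))
        self.calls.append(("authorize", group, proto, port, cidr))

    def revoke(self, group, proto, port, cidr):
        self.rules.get(group, set()).discard((proto, port, cidr))
        self.calls.append(("revoke", group, proto, port, cidr))


def desired_rules(exposed, opened_ports):
    """World-open rules a unit's machine group should carry.

    opened_ports is a set of (protocol, port) pairs from open-port calls.
    An unexposed service yields no world-open rules at all.
    """
    if not exposed:
        return set()
    return {(proto, port, WORLD) for proto, port in opened_ports}


def reconcile(ec2, group, exposed, opened_ports):
    """Bring one machine's group in line with the service's exposed state.

    Only 0.0.0.0/0 rules are managed; other sources are not touched.
    Returns (authorized, revoked) as sorted lists, for logging or review.
    """
    want = desired_rules(exposed, opened_ports)
    have = {r for r in ec2.rules.get(group, set()) if r[2] == WORLD}
    to_add, to_drop = sorted(want - have), sorted(have - want)
    for proto, port, cidr in to_add:
        ec2.authorize(group, proto, port, cidr)
    for proto, port, cidr in to_drop:
        ec2.revoke(group, proto, port, cidr)
    return to_add, to_drop
```

Running ``reconcile`` for every machine of a service after an expose, unexpose, ``open-port`` or ``close-port`` event keeps the set of world-open rules equal to the intended one, and the ``calls`` list gives a record of each change for review.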


Jim Baker (jimbaker)
Changed in ensemble:
importance: Undecided → Medium
assignee: nobody → Jim Baker (jimbaker)
milestone: none → budapest
Changed in ensemble:
milestone: budapest → dublin
Jim Baker (jimbaker)
Changed in ensemble:
status: New → In Progress
Jim Baker (jimbaker)
Changed in ensemble:
status: In Progress → Fix Released