Description
With the integration of #1298, we have the basic facilities in the control plane to allocate external IP addresses for instance source NAT. That's the standard path instances will have for outbound connectivity to the network outside their VPC. These addresses are invisible to the guest, and don't appear in the public API. They are also not used for inbound connectivity to an instance, such as SSH. (OPTE will currently drop such traffic, and the switch will eventually do so as well.)
To get into an instance, one needs a fixed, well-known IP address, as well as configuration in OPTE and Dendrite that allows inbound connections. This issue tracks the work to provide the first flavor of these, ephemeral IPs. Ephemeral IPs are requested when a guest is provisioned, and they are released when the guest is destroyed. They are not named API resources, though they do appear in the API. (I'm not yet sure how, but possibly under an endpoint like /organizations/{org_name}/projects/{project_name}/instances/{instance_name}/external-ips.) That allows customers to retrieve them so they can connect to the instance, or for use in an IP-based allowlist elsewhere. The entire port range is reserved for the guest in that case, since the inbound ports cannot be rewritten.
Users can't pick a specific IP address for an Ephemeral IP, but an IP Pool can be referenced by name when creating an instance with an Ephemeral IP.
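The distinction above (source-NAT addresses are shared by several guests via port slices and never reachable from outside, while an ephemeral IP reserves the whole port range for one guest and is the only kind entered into the inbound path) can be made concrete with a small allocator model. This is an added illustrative example, not omicron's or OPTE's actual allocation code; the pool addresses, the four-slices-per-SNAT-address split, and the instance names are constructed assumptions.

```rust
use std::collections::HashMap;
use std::net::Ipv4Addr;

/// Whole TCP/UDP port space of one address.
const PORT_SPACE: u32 = 65_536;
/// Port slice handed to one guest for source NAT (assumed value: four guests per address).
const SNAT_PORT_CHUNK: u32 = 16_384;

#[derive(Debug, Clone, PartialEq, Eq)]
pub enum ExternalIp {
    /// Outbound-only address; several guests share it, each owning a port slice.
    Snat { addr: Ipv4Addr, first_port: u16, last_port: u16 },
    /// Inbound-capable address owned by exactly one guest; the full port range is reserved.
    Ephemeral { addr: Ipv4Addr },
}

#[derive(Debug, PartialEq, Eq)]
pub enum AllocError {
    PoolExhausted,
}

#[derive(Debug, Default)]
struct AddrState {
    snat_chunks_used: u32,
    ephemeral_owner: Option<String>,
}

/// Toy IP Pool: a list of addresses plus per-address bookkeeping.
pub struct IpPool {
    addrs: Vec<(Ipv4Addr, AddrState)>,
    /// Inbound forwarding table. Only ephemeral IPs are ever inserted here,
    /// so a SNAT address is never a valid inbound destination.
    inbound: HashMap<Ipv4Addr, String>,
}

impl IpPool {
    pub fn new(addrs: Vec<Ipv4Addr>) -> Self {
        IpPool {
            addrs: addrs.into_iter().map(|a| (a, AddrState::default())).collect(),
            inbound: HashMap::new(),
        }
    }

    /// Source-NAT allocation: first address that is not ephemeral-owned and still
    /// has a free port slice. Egress ports are rewritten, so sharing is fine.
    pub fn allocate_snat(&mut self) -> Result<ExternalIp, AllocError> {
        for (addr, st) in self.addrs.iter_mut() {
            if st.ephemeral_owner.is_some() || st.snat_chunks_used * SNAT_PORT_CHUNK >= PORT_SPACE {
                continue;
            }
            let first = st.snat_chunks_used * SNAT_PORT_CHUNK;
            st.snat_chunks_used += 1;
            return Ok(ExternalIp::Snat {
                addr: *addr,
                first_port: first as u16,
                last_port: (first + SNAT_PORT_CHUNK - 1) as u16,
            });
        }
        Err(AllocError::PoolExhausted)
    }

    /// Ephemeral allocation: inbound ports cannot be rewritten, so the address
    /// must be completely unused (no SNAT slices handed out, no other owner).
    pub fn allocate_ephemeral(&mut self, instance: &str) -> Result<ExternalIp, AllocError> {
        for (addr, st) in self.addrs.iter_mut() {
            if st.ephemeral_owner.is_some() || st.snat_chunks_used > 0 {
                continue;
            }
            st.ephemeral_owner = Some(instance.to_string());
            self.inbound.insert(*addr, instance.to_string());
            return Ok(ExternalIp::Ephemeral { addr: *addr });
        }
        Err(AllocError::PoolExhausted)
    }

    /// Instance destroyed: return the address to the pool and drop the inbound mapping.
    pub fn release_ephemeral(&mut self, addr: Ipv4Addr) {
        if let Some((_, st)) = self.addrs.iter_mut().find(|(a, _)| *a == addr) {
            st.ephemeral_owner = None;
        }
        self.inbound.remove(&addr);
    }

    /// Which instance, if any, should a packet destined to `dst` be delivered to?
    pub fn inbound_target(&self, dst: Ipv4Addr) -> Option<&str> {
        self.inbound.get(&dst).map(String::as_str)
    }
}

fn main() {
    // Constructed pool of two documentation-range addresses.
    let mut pool = IpPool::new(vec![Ipv4Addr::new(203, 0, 113, 10), Ipv4Addr::new(203, 0, 113, 11)]);
    println!("snat:      {:?}", pool.allocate_snat());
    println!("ephemeral: {:?}", pool.allocate_ephemeral("inst-a"));
    println!("inbound to .10 (SNAT only): {:?}", pool.inbound_target(Ipv4Addr::new(203, 0, 113, 10)));
}
```

The model deliberately refuses an ephemeral allocation on any address that already carries SNAT slices, and refuses SNAT slices on an ephemeral-owned address: once a guest owns the whole port range, nothing else may be multiplexed onto that address, and inbound lookups only ever resolve ephemeral addresses.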
NOTE: None of this takes into account the current workaround in OPTE to allow inbound connections via the external IPs meant for source NAT. That will go away, hopefully very soon, once boundary services can be stood up to perform the decapsulation of guest traffic from OPTE.