feat: relax cpu_options schema and add amd_sev_snp + nested_virtualization support

[brilong]

Summary

This PR updates the module’s CPU options plumbing to support newer EC2 Launch Template cpu_options fields (notably nested_virtualization and amd_sev_snp) while also making CPU topology settings optional so users aren’t forced to specify core_count/threads_per_core just to enable other CPU options.

Motivation / Problem

When configuring runners via multi-runner, the cpu_options object currently requires core_count and threads_per_core. This blocks use-cases where users want to set only newly-supported provider fields like nested_virtualization without also pinning CPU topology. AWS itself treats these settings as optional and instance-type-dependent.

What changed

• Relaxed the cpu_options object type so these fields are optional:
  • core_count
  • threads_per_core
• Added optional support for:
  • nested_virtualization (valid: enabled / disabled)
  • amd_sev_snp (valid: enabled / disabled)
• Added validation on amd_sev_snp and nested_virtualization to restrict values to enabled|disabled when set.
• Launch template wiring: updated the aws_launch_template cpu_options block to pass through amd_sev_snp and nested_virtualization (using try(..., null) so unset values remain unset).
• Multi-runner schema updated so per-runner cpu_options can include the new fields and no longer forces core_count/threads_per_core.

Compatibility / Notes

• Existing configurations that set core_count and threads_per_core continue to work.
• Users can now set nested_virtualization or amd_sev_snp without specifying CPU topology.
• AWS will still enforce instance-type support at API time (e.g., nested virt only on supported 8th-gen Intel families; SEV-SNP only on supported AMD families).

Testing

• terraform init
• terraform validate
• terraform plan with cpu_options.nested_virtualization = "enabled" on supported instance families

  instance_types:
    - c8i.xlarge
    - m8i.xlarge
    - r8i.xlarge
  cpu_options:
    nested_virtualization: enabled

Fixes #5040

[brilong]

 aws ec2 describe-launch-template-versions \                                                                                                                                                               
  --launch-template-name u24-nv-xl-amd64-runner \
  --versions '$Latest' \
  --query 'LaunchTemplateVersions[0].LaunchTemplateData.CpuOptions' \
  --output json
{
    "NestedVirtualization": "enabled"
}

[Brend-Smits]

Hey @brilong
Great feature! Thanks a lot for the contribution.
I've tested this change and reviewed it together with @stuartp44
I've pushed some small commits to update the terraform modules and reformatted some code to make the linters happy...

From my perspective this is good to get merged now!

[Brend-Smits]

Small comment, I notice that your (@brilong) commits don't have verified signatures.. This prevents us from merging the pull request. Could you please rebase your PR and make sure the commits are signed?
If you aren't able to do this, please let me know so I can rebase the commits and rewrite it and sign it.

[brilong]

@Brend-Smits I believe I have properly signed and verified my commits. Please take a look at let me know if you need anything else. Thank you!

[Brend-Smits]

@Brend-Smits I believe I have properly signed and verified my commits. Please take a look at let me know if you need anything else. Thank you!

Thanks Brian! I've approved the PR, now waiting for @npalm to merge this.

[brilong]

@npalm How does this look now? I updated the provider constraints to >= 6.33 in multiple places, both examples and module code.

[brilong]

Hello @Brend-Smits, are you waiting on me for anything else? Thanks.

[Brend-Smits]

Good from my point of view. Can we merge this now @npalm ?

[nacef3005]

Really need this change in my use case.

[brilong]

Could you merge this @npalm or do I need to Update branch first? Thanks.

[npalm]

Could you merge this @npalm or do I need to Update branch first? Thanks.

Will do my best

[brilong]

Hello @npalm and @Brend-Smits, I notice another release came out and this PR along with others from @shivdesh are still not merged. What can we do to get these in a release? See #5061 and #5062 . Thank you!

[Brend-Smits]

Hello @npalm and @Brend-Smits, I notice another release came out and this PR along with others from @shivdesh are still not merged. What can we do to get these in a release? See #5061 and #5062 . Thank you!

Hey @brilong,

Unfortunately my approval is not enough to get this PR merged. I'm waiting for #5089 to be reviewed/merged so we can change that. After that it should go a lot smoother. Currently we have a single maintainer who needs to approve to get things in, which is a bottleneck.
In regards to the other PR's, I will try to get to them this week. But work has been a bit more busy than usual.

[brilong]

@Brend-Smits @npalm it has been a few months since this PR was opened and still not merged. Could we prioritize approving and merging our contributions? Thank you.

[jonanderson10]

+1, we would like to leverage this and not have to maintain it in a fork

[Brend-Smits]

Hey @brilong

Sorry for the delay. I've now got permission to merge pull requests in this project.
I will go ahead and merge this now so we can create a new release later on with this feature enabled.

Thanks a lot for your contribution, and again, sorry for the delay..!