Disable creation of ipv6 bastion security group inbound rule

[chapitos]

Currently the bastion security group will have at least 2 inbound rules: one ipv4 and one ipv6. There is no way to, for example, exclude the ipv6 inbound rule. In the case where there is no ipv6 address for the source defined for the ipv4 inbound rule, one can only workaround this by, for example, providing a ipv6 private address range (fc00::/7).
It seems to me this is a use case that should be addressed by either controlling creation of ipv6 inbound rule with an additional parameter, or changing the default behaviour of the allowed_ipv6_cidr parameter. The latter does not feel right, as it will not be consistent any more with allowed_ipv4_cidr parameter.

[wilson]

Do we still want this? I could make a PR.