(aws-ecs): FargateService creates new SecurityGroup instead of using VPC default

[bmacher]

According to the documentation of the FargateService the default SecurityGroup of the VPC is being used when no group is defined. However it seems to be implemented differently if you look at:

aws-cdk/packages/@aws-cdk/aws-ecs/lib/base/base-service.ts

Line 804 in daa5d66

securityGroups = [new ec2.SecurityGroup(this, 'SecurityGroup', { vpc })];

A new SecurityGroup is created instead of using the default one of the VPC.