This fixes the behaviour of ec2.associatePublicIpAddress which cannot safely be set to false when deploying inside a subnet before this commit. Add a new option ec2.usePrivateIpAddress which will default to true in the case that associatePublicIpAddress is false and you are deploying to a subnet. Add supporting code in the ec2 backend to support this option. This required storing some state from the defn in the machine state, but it seems that's already being done for other things like the spot instance price so this seems consistent.
When resuming an interrupted spot instance creation, NixOps would generate a new SSH host key. Since the instance would be created with the original host key, this would cause a "REMOTE HOST IDENTIFICATION HAS CHANGED!" warning from ssh.
This causes the right version of GRUB to be selected regardless of whether this is an old or new instance.