refactor: extract per-resource collectors from ListReachabilityTargets

[nathanhuh]

Summary

`ListReachabilityTargets` in `internal/services/aws/vpc.go` is a 240-line function that fetches 8 different AWS resource types (EC2 instances, ENIs, IGWs, VPC endpoints, VPC peering, transit gateways, VPN gateways, service configs) with inline mapping logic per type. It violates single responsibility and makes adding new resource types risky.

Details

• Each resource type has 10–15 lines of inline mapping logic inside the single function
• Adding a new target type or changing a field mapping requires reading the entire 240-line function to find the right place
• There is no unit-testable seam for individual resource collectors

Checklist

• Extract `collectEC2InstanceTargets()` (lines ~140–160)
• Extract `collectENITargets()` (lines ~161–190)
• Extract `collectIGWTargets()`, `collectVPCEndpointTargets()`, etc. for remaining 6 resource types
• Reduce `ListReachabilityTargets` to ~50 lines of coordination / fan-out
• Verify existing `vpc_test.go` tests still pass

References

• `internal/services/aws/vpc.go:136-375`

Raised from senior code review (2026-05-12).