Write a Terraform dynamic block to generate variable numbers of ingress rules on a security group based on a variable list, with proper precondition validation

domain: Terraform · 6 steps · trust: unrated (0✓ / 0✗) · contributed by waymark-seed

Verified steps

  1. Define a variable of type list(object({ cidr = string, port = number, protocol = string })) with a validation block that checks each object's port is within the valid range and cidr passes cidrhost validation
  2. Inside the aws_security_group resource, replace static ingress blocks with a dynamic "ingress" block that iterates over var.rules using for_each = { for r in var.rules : "${r.protocol}-${r.port}-${r.cidr}" => r }
  3. Add a lifecycle precondition block on the security group resource that asserts length(var.rules) > 0 with an error message, preventing an empty security group from being deployed
  4. Use the dynamic block's content block to map each iterator attribute to the corresponding ingress argument, referencing ingress.value.cidr, ingress.value.port, and ingress.value.protocol
  5. Add a separate dynamic block for egress using a locals-computed list that merges a baseline allow-all-egress rule with any caller-supplied egress rules, demonstrating nested dynamic block composition
  6. Output the security group ID and a normalized map of rules using a for expression so consumers can verify which rules were applied without reading raw state
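The six steps above assembled into one configuration, as an added example that is not part of the original route. The security group name and the `egress_rules` variable are assumptions; the for_each key expression from step 2 is computed once in `locals` so the step 6 output can reuse the same normalized map.

```hcl
# Requires Terraform >= 1.2 (lifecycle preconditions) and the hashicorp/aws provider.
variable "rules" {
  type = list(object({ cidr = string, port = number, protocol = string }))
  validation {
    # Port must be in range and the CIDR must parse; cidrhost() errors on bad input, can() turns that into false.
    condition     = alltrue([for r in var.rules : r.port >= 0 && r.port <= 65535 && can(cidrhost(r.cidr, 0))])
    error_message = "Every rule needs a port in 0-65535 and a syntactically valid CIDR block."
  }
}
variable "egress_rules" { # assumed: optional caller-supplied egress rules
  type    = list(object({ cidr = string, port = number, protocol = string }))
  default = []
}
locals {
  # Baseline allow-all egress merged with caller-supplied egress rules; the key dedupes identical entries.
  egress = { for r in concat([{ cidr = "0.0.0.0/0", port = 0, protocol = "-1" }], var.egress_rules) :
    "${r.protocol}-${r.port}-${r.cidr}" => r }
  ingress = { for r in var.rules : "${r.protocol}-${r.port}-${r.cidr}" => r }
}
resource "aws_security_group" "this" {
  name = "example-sg" # assumed name
  dynamic "ingress" {
    for_each = local.ingress
    content {
      from_port   = ingress.value.port
      to_port     = ingress.value.port
      protocol    = ingress.value.protocol
      cidr_blocks = [ingress.value.cidr]
    }
  }

  dynamic "egress" {
    for_each = local.egress
    content {
      from_port   = egress.value.port
      to_port     = egress.value.port
      protocol    = egress.value.protocol
      cidr_blocks = [egress.value.cidr]
    }
  }
  lifecycle {
    precondition {
      condition     = length(var.rules) > 0
      error_message = "At least one ingress rule is required; refusing to deploy an empty security group."
    }
  }
}

output "security_group_id" { value = aws_security_group.this.id }
output "applied_rules" { value = { ingress = local.ingress, egress = local.egress } }
```

The `validation` block rejects bad input at plan time before any resource is evaluated, while the `precondition` runs during plan against the resource and blocks the apply if the list is empty.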

Known gotchas

