Consider using `runuser` instead of `sudo` in userdata script

[phene]

FedRAMP STIG hardening guidelines require that nopasswd should not appear in any sudoers configuration. Unfortunately, this also applies to the root user. Can instances of sudo -u ec2-user be replace with runuser -l ec2-user -g ec2user as runuser is available on AL2023, does not involve sudo, and is only available to the root user?

[npalm]

As long it works with the default image, sound good. Can you make a PR?