Ok I figured it out, but I'll share. Before I do, I want to add a "caution" because what I'm doing probably isn't a good idea for security reasons (I see this because I have done a bunch of ethical hacking against VM's, and can see the logic behind the setup). The logic behind this default setup where you can't change the network settings by default without sudo, prevents someone who managed to gain access to your system, say as user "www-data" if they exploited your web-front end, and then escalated to the user "vm", they would by default be able to remotely control your networking since I'm changing the system level permissions for the NetworkManager application to grant remote (ssh) access to fully control the networking on the box. It's going to be best if you just use sudo and elevate to change network settings remotely.
In any case, it seems that the permissions are bound to the system rather than specifically to network manager. So the "polkit - Authorization Framework" is the system level tool that grants access to privileged applications FROM an unprivileged "by default" app such as Network Manager. As such I need to create a .pkla file to adjust that authorization (I found this from the ubuntu man pages, specifically: https://manpages.ubuntu.com/manpages/trusty/man8/pklocalauthority.8.html ). So I've stated below, anyone in the sudo group can just change the network settings (i.e. without elevating to sudo, you just need to be part of the sudo group). As such, I verify the permissions changed at the end, and executed my nmcli command to change the profile, and it worked.
root@ubuntu1804:/home/vm# cat /etc/polkit-1/localauthority/50-local.d/test.pkla
[ssh to modify]
Identity=unix-group:sudo
Action=org.freedesktop.NetworkManager.settings.modify.system
ResultAny=yes
ResultInactive=yes
ResultActive=yes
[ssh to enable and disable network]
Identity=unix-group:sudo
Action=org.freedesktop.NetworkManager.enable-disable-network
ResultAny=yes
ResultInactive=yes
ResultActive=yes
[ssh to control the networking]
Identity=unix-group:sudo
Action=org.freedesktop.NetworkManager.network-control
ResultAny=yes
ResultInactive=yes
ResultActive=yes
root@ubuntu1804:/home/vm# systemctl restart polkit
root@ubuntu1804:/home/vm# exit
exit
As you can see the 3 "actions" we defined earlier are now yes to "yes".
vm@ubuntu1804:~$ nmcli general permissions
PERMISSION VALUE
org.freedesktop.NetworkManager.enable-disable-network yes
org.freedesktop.NetworkManager.enable-disable-wifi no
org.freedesktop.NetworkManager.enable-disable-wwan no
org.freedesktop.NetworkManager.enable-disable-wimax no
org.freedesktop.NetworkManager.sleep-wake no
org.freedesktop.NetworkManager.network-control yes
org.freedesktop.NetworkManager.wifi.share.protected no
org.freedesktop.NetworkManager.wifi.share.open no
org.freedesktop.NetworkManager.settings.modify.system yes
org.freedesktop.NetworkManager.settings.modify.own auth
org.freedesktop.NetworkManager.settings.modify.hostname auth
org.freedesktop.NetworkManager.settings.modify.global-dns auth
org.freedesktop.NetworkManager.reload auth
org.freedesktop.NetworkManager.checkpoint-rollback auth
org.freedesktop.NetworkManager.enable-disable-statistics no
org.freedesktop.NetworkManager.enable-disable-connectivity-check no
vm@ubuntu1804:~$ nmcli con up DYNAMIC
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/12)
After this was in place, I am now able to execute the following command as the vm user via ssh:
vm@ubuntu1804:~$ nmcli con up DYNAMIC