Implement arbitrary additional ingress rules to support CAPRKE2

[amsuggs37]

/kind feature

Describe the solution you'd like
It appears that CAPZ does not support CAPRKE2 as the RKE2 controlplane/bootstrap providers require additional ingress rules on the cluster loadbalancer for cluster nodes to join the cluster.
CAPZ only listens on port 6443 in the cluster loadbalancer which is not sufficient for the RKE2 nodes.

CAPZ should implement the ability to add an arbitrary number of additional ingress rules on the control plane loadbalancer yaml resource in order to support the CAPRKE2 controlplane/bootstrap providers.

Anything else you would like to add:
See required ports for rke2.
See the example AWS deployment in the CAPRKE2 project for reference.
The CAPRKE2 providers are adopted and documented in the upstream CAPI provider list

Environment:

• cluster-api-provider-azure version: latest
• Kubernetes version: (use kubectl version): 1.30
• OS (e.g. from /etc/os-release): rocky/rhel 9

[Danil-Grigorev]

Hey, I opened a small PR - #5525, to improve UX for this use-case. Would be glad to get a review, and opinions if this change of defaulting behavior for securityRules is acceptable in this case, also fine to change it to a new field (something like additionalSecurityRules) if this is needed.

[Danil-Grigorev]

/assign