@NicholasBlaskey NicholasBlaskey commented Oct 27, 2025

Description

Create EFA-specific security group for self-managed node groups always

Self-managed nodes don't get the security group mentioned here:

Network interfaces of the nodes in any managed node group that you create.

https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html

Related PR #8509

Tested with this config

apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  version: "1.34"
  name: test-cluster
  region: us-west-2

nodeGroups:
  - name: efa-workers
    instanceType: c5n.18xlarge
    minSize: 1
    maxSize: 3
    availabilityZones: ["us-west-2a"]
    efaEnabled: true

and confirmed sg was created for EFA

aws cloudformation describe-stack-resources --region ap-south-1 --stack-name eksctl-test-cluster2-nodegroup-efa-workers --query 'StackResources[?ResourceType==`AWS::EC2::SecurityGroup`].{LogicalId:LogicalResourceId,PhysicalId:PhysicalResourceId}' --output table
---------------------------------------
|       DescribeStackResources        |
+------------+------------------------+
|  LogicalId |      PhysicalId        |
+------------+------------------------+
|  EFASG     |  sg-00c0446ad68da0f67  |
|  SG        |  sg-062f0d531f49b9f8f  |
+------------+------------------------+

Checklist

  • Added tests that cover your change (if possible)
  • Added/modified documentation as required (such as the README.md, or the userdocs directory)
  • Manually tested
  • Made sure the title of the PR is a good description that can go into the release notes
  • (Core team) Added labels for change area (e.g. area/nodegroup) and kind (e.g. kind/improvement)

BONUS POINTS checklist: complete for good vibes and maybe prizes?! 🤯

  • Backfilled missing tests for code in same general area 🎉
  • Refactored something and made the world a better place 🌟

@NicholasBlaskey NicholasBlaskey marked this pull request as ready for review October 27, 2025 22:38

@sapphirew sapphirew left a comment

LGTM. Reopening #8475 since that would still cause race condition for tagging issue with ALB controller

@NicholasBlaskey NicholasBlaskey merged commit d2e53e5 into eksctl-io:main Oct 27, 2025
10 checks passed