Insufficient WAFv2 permissions of albIngress policy

[adw1n]

What happened?
Autogenerated nodegroup role's *PolicyALBIngress policy doesn't have any wafv2 allow actions. Because of that AWS ALB ingress controller is unable to configure WAF due to lack of permissions:

E0508 11:09:33.764826       1 controller.go:217] kubebuilder/controller "msg"="Reconciler error" "error"="failed get WAFv2 webACL for load balancer arn:aws:elasticloadbalancing:eu-central-1:REDACTED:loadbalancer/app/e0d27dff-default-appingres-350b/REDACTED: AccessDeniedException: User: arn:aws:sts::REDACTED:assumed-role/eksctl-auth-branch-nodegroup-auth-NodeInstanceRole-WROWGI7AAD3M/i-REDACTED is not authorized to perform: wafv2:GetWebACLForResource on resource: arn:aws:wafv2:eu-central-1:REDACTED:regional/webacl/*\n\tstatus code: 400, request id: REDACTED"  "controller"="alb-ingress-controller" "request"={"Namespace":"default","Name":"app-ingress"}

What you expected to happen?
Appropriate WAF permissions should be given for the ALB Ingress controller to work with WAF.

How to reproduce it?
Create a cluster using

managedNodeGroups:
    ...
    iam:
      withAddonPolicies:
        albIngress: true

Check missing wafv2 permissions in generated *PolicyALBIngress policy. Use WAF feature of AWS ALB ingress controller https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#waf

Anything else we need to know?
#2068 PR fixes the problem of missing wafv2 permissions.

Versions

$ eksctl version
0.18.0
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.2", GitCommit:"52c56ce7a8272c798dbc29846288d7cd9fbae032", GitTreeState:"clean", BuildDate:"2020-04-16T11:56:40Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}

[cPu1]

Fixed in #2068