User Story:

As a (user persona), when the cluster has IPv6 or dual-stack enabled, I want to be able to define IPv6-family source CIDRs for NodePort Service ingress rules on Security Groups (SGs) attached to cluster nodes. Currently, only IPv4 blocks can be specified.

Why we need this? See motivation:

• https://github.com/kubernetes-sigs/cluster-api-provider-aws/issues/3314 
• https://issues.redhat.com//browse/OCPBUGS-43048 

Acceptance Criteria:

Description of criteria:

• A network specification field (e.g. awscluster.spec.network.nodePortIngressRuleIpv6CidrBlocks) to define source CIDR blocks for NodePort Service ingress rule.
• If the field is left empty, CAPA should default to all IPv6 range (i.e. ::/0)
• Alternatively, we can extend the existing field  awscluster.spec.network.NodePortIngressRuleCidrBlocks to accept IPv6 CIDR.

(optional) Out of Scope:

Detail about what is specifically not being delivered in the story

Engineering Details:

• Reference PR: https://github.com/kubernetes-sigs/cluster-api-provider-aws/pull/5147
• API type: https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/a2d41b76ce36323450961b8f0940c98dc321d078/api/v1beta2/network_types.go#L359-L362 
• SG handling: https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/a2d41b76ce36323450961b8f0940c98dc321d078/pkg/cloud/services/securitygroup/securitygroups.go#L648-L670 

This requires/does not require a design proposal.
This requires/does not require a feature gate.