This story is an extension to https://issues.redhat.com/browse/KATA-3967 and the IBM SE capabilities are planned to be added on top of the current dev PR https://github.com/openshift/sandboxed-containers-operator/pull/836/

Consume Node Feature Discovery (NFD) labels to automatically detect IBM SE capabilities and diff them between TDX vs SEV-SNP.

As a cluster administrator, I want automatic detection of IBM SE TEE hardware capabilities, So that the appropriate CoCo runtime is configured without manual specification

Description:

 Implement automatic detection of TEE hardware types using Node Feature Discovery (NFD) labels. The operator should identify IBM SE capable nodes and configure appropriate CoCo runtime based on detected hardware.

  Acceptance Criteria:

  - Detect IBM SE nodes via ibm.feature.node.kubernetes.io/se: "true" NFD label

  Testing Considerations:

  - Unit Tests: Mock NFD labels for IBM SE only scenarios

  - Integration Tests: Node label changes triggering reconciliation

  - Integration Tests: Test with labeled test nodes (mock TEE hardware)

  - Hardware Tests: Test on actual SE-capable hardware

  - Status Tests: Verify accurate TEE type reporting in KataConfig status

  - Negative Tests: Test behavior with no TEE-capable nodes