Background

When converting CAPI2MAPI, we convert CAPA's `AdditionalSecurityGroups` into the security groups for MAPA. While this looks correct, there are also fields like `SecurityGroupOverrides` which when present currently, would cause an error.

We need to understand how security groups work today in MAPA, compare that to CAPA, and be certain that we are correctly handling the conversion here.

Is CAPA doing anything else under the hood? Is it currently applying extra security groups that are standard that would otherwise cause issues?

Steps

• Understand how security groups work in CAPA and MAPA
• Determine if our current conversion of security groups is appropriate and understand the role of securityGroupOverrides
• Update documentation/make appropriate changes to the security groups conversion based on the above findings.

Stakeholders

• Cluster infra

Definition of Done

• We are confident that converted machines behave correctly with respect to the security group configuration.

• Docs

• <Add docs requirements for this card>

• Testing

• <Explain testing that will be added>