Feature
Resolution: Unresolved
Normal
Product / Portfolio Work
100% To Do, 0% In Progress, 0% Done
Requesting an enhancement to support bringing your own HAProxy image for use as the API server proxy on the worker nodes.
Background notes:
- There is a desire for HyperShift providers to set up the management planes with "shared ingress", similar to https://github.com/openshift/hypershift/blob/main/docs/content/reference/architecture/managed-azure/shared-ingress.md.
- Traffic originating from the worker HAProxy needs to carry cluster context to the shared ingress point fronting the hosted control planes.
- PROXY protocol TLV headers are one way in which cluster context could be attached to traffic from the worker HAProxy.
- HAProxy PROXY protocol v2 with TLV headers is supported in versions 2.9+.
- OCP currently ships HAProxy 2.8 in the OCP release payload.
Design notes:
- The current implementation of "shared ingress" for managed Azure embeds a custom HAProxy image in the HyperShift operator code. This is undesirable because an operator rebuild is required for any update to the HAProxy image, including routine security patching.
- A method is needed to update the HAProxy image independently of the operator.
- The API server proxy static pod is a worker node component, so a plug point in the NodePool resource would be ideal for this scenario.
- A NodePool annotation or label could be considered, similar to the image override labels on HostedCluster resources.