1. Proposed title of this feature request: Additional SG support on VPC Endpoint
2. What is the nature and description of the request? Interface Endpoint for HCP has a default SG created at cluster installation. API should allow for customers to add additional Security Group IDs. 
3. Why does the customer need this? (List the business requirements here) 1/ When the HCP (guest) clusters are private, the API Server connectivity is available from only within the cluster's VPC. Customers have hybrid cloud environment and other VPCs that are attached to cluster's VPC. They can not access the API Server without additional network ingress/egress rules. These rules are encapsulated in the form of Security Groups and referenced in the source/targets. 2/ Without this, customers would have to make the HCP API Server public. 
4. List any affected packages or components. Hosted Control Plane / HyperShift