1. Proposed title of this feature request

Optional remote access 
2. What is the nature and description of the request?

The default OCP clusters are installed with port 22/SSH opened on worker nodes. The Security Group attached to the worker nodes allow port 22/TCP for SSH access. 
3. Why does the customer need this? (List the business requirements here)

It is security bad practice to keep unwanted ports or sources ON by default - especially TCP/22 (SSH) access. Install clusters by default without this port opened and provide an API for the node pool that allows customers to enable remote access optionally. Update the SG attached to workers to allow TCP/22 as remote access is enabled. 

4. List any affected packages or components.

Hosted Control Plane, Node, Installer