Add tags to security groups when ManagedSecurityGroups: true

[nikParasyr]

/kind feature

Describe the solution you'd like
Security groups created when ManagedSecurityGroups: true should be tagged when Tags are defined on OpenStackCluster similarly to how network/subnet/router etc are being tagged

Anything else you would like to add:

• i'd like to work on this one
• Question: Should the tags be propagated to openStackCluster.Status similarly to how it's done for network/subnet/router? (it's not done the floatingIp of the loadbalancer but i think that's a bit of a different use case)

[mdbooth]

This sounds like a good feature to me. I don't feel like we should propagate tags to cluster status.

Additionally I wonder if, in general, we should update tags on existing resources. We don't modify the resources themselves after creation, but tags are metadata. Does this immutability include tags? The ability to change tags on existing resources seems useful both to us as developers: to fix a bug at resource creation time, and to users: to change the way resources are identified in a cloud after creation.

[jichenjc]

+1 to include tags to the resource created by CAPO

The ability to change tags on existing resources seems useful both to us as developers

so your suggestion is to allow the update of openstackmachine related CRD so reconcile can update the
openstack resources accordingly? I see no reason to block such as update tag seems reasonable as Day2 operations

[nikParasyr]

The ability to change tags on existing resources seems useful both to us as developers

This does indeed sound like a nice addition. I'd say though that it possibly exceeds tags on SGs, at least all tagged resources, and possibly other configs that can be updated and seem reasonable to be changed as day2 operations. I think this should be tackled in a separate issue though.

For the time being, I opened a PR just adding tags on SGs