Network Load Balancers won't reconcile in main

[nrb]

/kind bug

What steps did you take and what happened:
[A clear and concise description of what the bug is.]

Upgrading from a version of CAPA prior to adding #4733 causes network load balancers to fail reconciliation.

E0212 15:21:48.220015       1 awscluster_controller.go:280] "failed to reconcile load balancer" err=<
        failed to apply security groups to load balancer "aws-us-cw-mf-test-1": InvalidConfigurationRequest: You cannot set security groups on a Network Load Balancer which was created without any security groups.
                status code: 400, request id: 05010ea1-3b8f-4c6c-9674-2f785030006e
 > controller="awscluster" controllerGroup="infrastructure.cluster.x-k8s.io" controllerKind="AWSCluster" AWSCluster="system-clusters/aws-us-cw-mf-test-1-66z8p" namespace="system-clusters" name="aws-us-cw-mf-test-1-66z8p" reconcileID="8e92c000-83ee-411e-a9d1-6aa72495b6c8" cluster="system-clusters/aws-us-cw-mf-test-1"

What did you expect to happen:

Network load balancers previously created shouldn't fail to reconcile.

Anything else you would like to add:

The network load balancer documentation states that an NLB created without security groups cannot have security groups added or removed later.

Environment:

• Cluster-api-provider-aws version: master including ✨ Add support for a secondary control plane load balancer #4733
• Kubernetes version: (use kubectl version):
• OS (e.g. from /etc/os-release):

[nrb]

/triage accepted
/priority critical-urgent

[richardcase]

/milestone v2.4.0