Managed worker security group will be applied to control plane machines in absence of managed control plane SG

[stephenfin]

/kind bug

What steps did you take and what happened:

cluster-api-provider-openstack/controllers/openstackmachine_controller.go

Lines 502 to 506 in 70494b6

	if util.IsControlPlaneMachine(machine) && openStackCluster.Status.ControlPlaneSecurityGroup != nil {
	managedSecurityGroup = openStackCluster.Status.ControlPlaneSecurityGroup.ID
	} else if openStackCluster.Status.WorkerSecurityGroup != nil {
	managedSecurityGroup = openStackCluster.Status.WorkerSecurityGroup.ID
	}

From code inspection, it appears that if a machine is a control plane machine, a control plane machine security group is not specified, but a worker machine security group is specified, the worker machine SG will be applied to the control plane machine.

What did you expect to happen:

Worker SGs should only be applied to control plane machines and vice versa.

Anything else you would like to add:

None.

Environment:

• Cluster API Provider OpenStack version (Or git rev-parse HEAD if manually built): 70494b6
• Cluster-API version: n/a
• OpenStack version: n/a
• Minikube/KIND version: n/a
• Kubernetes version (use kubectl version): n/a
• OS (e.g. from /etc/os-release): n/a