[RFE] CAPI should link infrastructure objects to their originating template

[sethp-nr]

User Story

As a provider developer I would like to be able to identify which infrastructure resources were created from a template directly.

Detailed Description

CAPA has a few mutable fields on AWSMachine objects (specifically: security groups and tags) that, as users of CAPA, we would like to be mutable at the "template" level.

The path to the provider being able to reconcile those changes is laid out here: https://github.com/kubernetes-sigs/cluster-api-provider-aws/issues/1711

It is possible for the provider to walk back from the specific infrastructure object (the AWSMachine) to the Machine, and from there to the MachineSet where we have an immutable reference to the originating template.

The trouble comes in with KubeadmControlPlanes (and possibly MachinePools?): even if we teach the provider the specific chain of responsibility, that reference is mutable. There's not a guarantee that the current object at the other end of that pointer is the same as the one that produced any given Machine.

It would make the first case much simpler, and the latter case more reliable, if CAPI would note which Template was used at the time of instantiation.

Anything else you would like to add:

It's a small amount of work to add an object reference of some kind when we instantiate the template, but the question is where:

1. Into a well-known field on the provider-specific object, as either an annotation or some mandatory field?
2. Into the Machine object? At least in CAPA, there's already a dependency on the parent Machine for things like bootstrap and Kubernetes version.

/kind feature

[vincepri]

/milestone v0.3.x

[vincepri]

/assign @sedefsavas /milestone v0.3.7