[occm] remove SGs from non-existent nodes ports on Update

[EmilienM]

What this PR does / why we need it:

Update applyNodeSecurityGroupIDForLB() to also lookup ports that have the SG tag and detach the SG from the ports that don't belong to the ports of the current list of Nodes.

This will ensure ports are cleaned up if a Node is being removed from a Loadbalancer.

Which issue this PR fixes(if applicable): fixes #2695

Release note:

When a Node is removed from a load balancer, we'll now ensure that its ports don't have the security group associated
with the load balancer.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Once this PR has been reviewed and has the lgtm label, please assign fengyunpan2 for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files: - **[pkg/openstack/OWNERS](https://github.com/kubernetes/cloud-provider-openstack/blob/master/pkg/openstack/OWNERS)** Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

[EmilienM]

/cc dulek mdbooth

[k8s-ci-robot]

PR needs rebase.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.