feat: upgrade EKS module to version 20.37 and add support for AL2023 node pools

[KhaledSaiidi]

This PR prepares our EKS worker migration from Amazon Linux 2 to Amazon Linux 2023 without forcing an immediate in-place replacement of the current AL2 worker pool.

The change moves the EKS module to v20, enables the mixed auth mode required for access entries, adds per-node-pool OS/bootstrap behavior, keeps the existing AL2 pool on the legacy fixed AMI lookup path, and introduces the AL2023 nodeadm bootstrap path for new node groups.

What changed

• Upgraded terraform-aws-modules/eks/aws from ~> 19.21 to ~> 20.37
• Changed cluster auth mode to API_AND_CONFIG_MAP
• Added per-node-pool node_os support
• Added per-node-pool create_access_entry support
• Split bootstrap behavior by node OS:
  • al2 continues to use the legacy bootstrap script path
  • al2023 uses nodeadm-based user data
• Added AL2023-specific templates:
  • templates/nodeadm-user-data.yaml.tpl
  • templates/al2023-registry-mirror.sh.tpl
• Kept AL2 on the legacy fixed AMI name lookup path
• Kept AL2023 on the EKS SSM-recommended AMI path
• Added validation to reject invalid node_os values and block al2 for Kubernetes 1.33+
• Updated the default cluster configs to:
• keep master-generic as 4 AL2 nodes
• add a commented master-generic-al2023 example for blue/green rollout