cluster-api-provider-gcp
Allow creation of "Private Clusters"
/kind feature
Describe the solution you'd like: Currently, CAPG is hard-wired to create GCE load balancing components with a public IP address for apiserver access. The nodes themselves do not receive public addresses unless explicitly configured as such; the same should apply to the apiserver's endpoint(s). Being able to provision clusters with access limited by private IP address connectivity would be beneficial for obvious reasons.
Anything else you would like to add: I'm not 100% sure if using private endpoints should be the default - it'd be in line with how address management for nodes currently works, but would also have potential for being a breaking change.
The GKE-specific concept of private clusters is explained here. This feature request is scoped at allowing this to apply for both managed (GKE) and unmanaged (plain Cluster API) clusters.