PCP-5519: Cherry pick HostResourceGroup upstream PR in palette fork (#990)

[AmitSahastra]

What type of PR is this?

What this PR does / why we need it:

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

Special notes for your reviewer:

Checklist:

• squashed commits
• includes documentation
• includes emoji in title
• adds unit tests
• adds or updates e2e tests

Release note:

[bulwark-spectrocloud]

⚠️ GoVulnCheck scan found vulnerabilities:

1. GO-2025-3553
   • Module: github.com/golang-jwt/jwt/v4
   • Found in: v4.5.1
   • Fixed in: v4.5.2
   • Example Traces:
     1. pkg/rosa/client.go:51:70: rosa.NewOCMClient calls ocm.Build, which eventually calls authentication.Build
2. GO-2025-4123
   • Module: github.com/dvsekhvalnov/jose2go
   • Found in: v1.6.0
   • Fixed in: v1.7.0
   • Example Traces:
     1. pkg/rosa/client.go:51:70: rosa.NewOCMClient calls ocm.Build, which eventually calls keyring.Get
3. GO-2025-4155
   • Module: stdlib
   • Found in: v1.24.10
   • Fixed in: v1.24.11
   • Example Traces:
     1. cmd/clusterawsadm/ami/helper.go:76:22: ami.LatestPatchRelease calls io.ReadAll, which eventually calls tls.verifyServerCertificate
     2. cmd/clusterawsadm/cloudformation/service/service.go:197:14: service.ShowStackResources calls fmt.Fprintf, which eventually calls tls.loadSession
4. GO-2025-4175
   • Module: stdlib
   • Found in: v1.24.10
   • Fixed in: v1.24.11
   • Example Traces:
     1. cmd/clusterawsadm/ami/helper.go:76:22: ami.LatestPatchRelease calls io.ReadAll, which eventually calls tls.verifyServerCertificate

Please review these findings and fix the issues before merging.

[bulwark-spectrocloud]

⚠️ GoSec scan found code issues:

1. G401: Use of weak cryptographic primitive, Severity: MEDIUM
   • 1. File: /home/runner/work/bulwark/bulwark/target-repo/pkg/cloud/services/eks/iam/iam.go:532:13
2. G505: Blocklisted import crypto/sha1: weak cryptographic primitive, Severity: MEDIUM
   • 1. File: /home/runner/work/bulwark/bulwark/target-repo/pkg/cloud/services/eks/iam/iam.go:22:2

Please review these findings and fix the issues before merging.

[spectro-prow]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: AmitSahastra, snehala27
To complete the pull request process, please assign after the PR has been reviewed.
You can assign the PR to them by writing /assign in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment