Remove node.machine.sapcloud.io/trigger-deletion-by-mcm annotation for security reasons #1051

@gagan16k

How to categorize this issue?
/area security
/area control-plane
/kind enhancement

Why is this needed:
A user in the Shoot cluster with only patch/update permissions for a Node can trigger deletion of the Node by annotating it with node.machine.sapcloud.io/trigger-deletion-by-mcm="true".
The annotation-based deletion is a potential security risk, as discussed in the internal issue (kubernetes/security-cases/issues/82).

What is expected to happen:
Only users with delete permissions should be able to delete Node resources.

How to reproduce it (as minimally and precisely as possible):

  1. Create a Shoot.
  2. Create a user with only patch/update permissions for Nodes.
  3. Make sure that the user from the above step can delete Nodes by annotating them with node.machine.sapcloud.io/trigger-deletion-by-mcm="true".

What would you like to be added:

  • Remove support for node.machine.sapcloud.io/trigger-deletion-by-mcm annotation
  • Users should be able to delete nodes directly using kubectl delete node <node_name>.
  • MCM should then proceed to delete the corresponding Machine/VM instance. We could use a custom finalizer on the Node to coordinate this flow, and remove this finalizer when the machine deletion is completed.
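
A defender-side check for the permission gap described in this issue, as an added example that is not part of the original issue or of MCM's code: it flags roles that can patch or update Nodes without holding delete, which is where the annotation becomes a path to node deletion. The `PolicyRule` and `Role` types are simplified stand-ins for the Kubernetes RBAC types, and the role names are constructed.

```go
package main
import "fmt"

// Simplified stand-ins for rbac.authorization.k8s.io/v1 PolicyRule and (Cluster)Role.
type PolicyRule struct{ APIGroups, Resources, Verbs []string }
type Role struct{ Name string; Rules []PolicyRule }

// has reports whether list contains want or the RBAC wildcard "*".
func has(list []string, want string) bool {
	for _, v := range list {
		if v == want || v == "*" {
			return true
		}
	}
	return false
}

// allows: does r grant verb on core-group Nodes? Assumption: resourceNames and aggregation are ignored.
func allows(r Role, verb string) bool {
	for _, rule := range r.Rules {
		if has(rule.APIGroups, "") && has(rule.Resources, "nodes") && has(rule.Verbs, verb) {
			return true
		}
	}
	return false
}

// NodeDeleteGap lists roles that may patch or update Nodes without holding delete.
func NodeDeleteGap(roles []Role) (gap []string) {
	for _, r := range roles {
		if (allows(r, "patch") || allows(r, "update")) && !allows(r, "delete") {
			gap = append(gap, r.Name)
		}
	}
	return gap
}

// sampleRoles is constructed input, not taken from any real cluster.
func sampleRoles() []Role {
	s := func(v ...string) []string { return v }
	return []Role{
		{"node-labeler", []PolicyRule{{s(""), s("nodes"), s("get", "patch")}}},
		{"node-admin", []PolicyRule{{s(""), s("nodes"), s("*")}}},
		{"pod-editor", []PolicyRule{{s(""), s("pods"), s("patch", "update")}}},
		{"wildcard-updater", []PolicyRule{{s("*"), s("*"), s("update")}}},
	}
}

func main() { fmt.Println(NodeDeleteGap(sampleRoles())) }
```

The check is per role; a subject bound to several roles needs the union of their rules evaluated before concluding that delete is absent.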

Labels

  • area/control-plane: Control plane related
  • area/security: Security related
  • component/mcm: Machine Controller Manager (including Node Problem Detector, Cluster Auto Scaler, etc.)
  • kind/enhancement: Enhancement, improvement, extension
