Add private endpoint guidance and prerequisites to Argo CD capability creation docs

[rodrigobersa]

Issue #, if available:

Description of changes:

Adds documentation for configuring private endpoints when creating an Argo CD managed capability, and updates prerequisites across all three creation workflows for Private endpoint configuration (all 3 files).

• Added an optional step documenting how to create a VPC interface endpoint using the com.amazonaws.<region>.eks-capabilities service name
• Includes guidance on VPC, subnet (multi-AZ), and security group (port 443) requirements
• Added a disclaimer that by default the Argo CD UI and API endpoint are publicly accessible, and that private endpoint configuration is needed to restrict access
• Added prerequisite: at least one user or group must exist in AWS Identity Center to assign RBAC role mappings and provide access to the Argo CD UI

Per-file details:

argocd-create-cli.adoc

• New "(Optional) Configure a private endpoint" section between Step 1 and Step 2
• Added a second aws eks create-capability command variant showing the --network-configuration parameter with vpcEndpointId

argocd-create-console.adoc

• New optional step in the creation workflow explaining how to enable private endpoint in the console UI
• Added a link to the AWS PrivateLink documentation for creating VPC endpoints

argocd-create-eksctl.adoc

• New "(Optional) Configure a private endpoint" section between Step 2 and Step 3
• Added a second eksctl YAML example showing the networkConfiguration.elasticNetworkInterfaces.vpcEndpointId field
• Added a new Prerequisites section (didn't have one before)

Testing

• Verified AsciiDoc structure and cross-reference formatting
• No build/render validation performed (docs-only change)