What would you like to be added:
Currently, VPC CNI always reserve a ENI slot for trunk ENI if the Security Group for Pods feature is enabled through its ENV ENABLE_POD_ENI. If the instance type doesn't support ENI trunking, reserving a slot in those nodes doesn't sound a correct behavior and also cause inefficient usage of ENI resources thus lower IP density. VPC CNI should be knowing not to reserve a ENI for trunk ENI if the instance type doesn't support ENI trunking.

Why is this needed:
Reserving a ENI for trunk when the instance doesn't even support ENI trunking is lowering IP density and thus pod density.