docs: Add allowedUnsafeSysctls configuration example for AL2023

Add documentation example showing how to configure allowedUnsafeSysctls
using NodeConfig in EC2NodeClass userData for AL2023 AMI family.

This addresses the gap in documentation for configuring unsafe sysctls,
which is not available in spec.kubelet but can be configured through
UserData using the NodeConfig format.

Related issue: #2099

Author: yk-mt12

website/content/en/docs/concepts/nodeclasses.md

@@ -295,6 +295,25 @@ spec:
           registryPullQPS: 10
 ```
 
+Similarly, you can configure `allowedUnsafeSysctls` for AL2023:
+
+```yaml
+apiVersion: karpenter.k8s.aws/v1
+kind: EC2NodeClass
+spec:
+  amiSelectorTerms:
+    - alias: al2023@latest
+  userData: |
+    apiVersion: node.eks.aws/v1alpha1
+    kind: NodeConfig
+    spec:
+      kubelet:
+        config:
+          allowedUnsafeSysctls:
+            - net.core.somaxconn
+            - net.ipv4.tcp_tw_reuse
+```
+
 Note that when using the `Custom` AMIFamily you will need to specify fields **both** in `spec.kubelet` and `spec.userData`.
 {{% /alert %}}