Currently, the workaround is to run 'neutron port-create' with the required security groups and then attach the port to the instance with 'nova interface-attach', using the '--port-id' parameter. In the transcript below, 'neutron port-show' after the attach reports the port as ACTIVE, with a device_id and host binding set, and with the same security_groups ID that 'neutron port-create' returned.

[root@osnode2 nova(keystone_admin)]# neutron port-create --security-group custom_sg datanw
Created a new port:
+-----------------------+-------------------------------------------------------------------------------------+
| Field                 | Value                                                                               |
+-----------------------+-------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                |
| allowed_address_pairs |                                                                                     |
| binding:host_id       |                                                                                     |
| binding:profile       | {}                                                                                  |
| binding:vif_details   | {}                                                                                  |
| binding:vif_type      | unbound                                                                             |
| binding:vnic_type     | normal                                                                              |
| device_id             |                                                                                     |
| device_owner          |                                                                                     |
| fixed_ips             | {"subnet_id": "42d6b5a9-b415-41db-911e-89956df77852", "ip_address": "192.168.0.17"} |
| id                    | 6ad96b2b-eca8-4efa-bebb-97d123a7bf87                                                |
| mac_address           | fa:16:3e:da:cd:b6                                                                   |
| name                  |                                                                                     |
| network_id            | e98cdc79-f385-498e-be99-5bf879f26741                                                |
| security_groups       | 85ee063b-f688-45ad-b35c-a2f102943d32                                                |
| status                | DOWN                                                                                |
| tenant_id             | f32c4fd3c6524d1da40762071934b583                                                    |
+-----------------------+-------------------------------------------------------------------------------------+
[root@osnode2 nova(keystone_admin)]# nova interface-attach --port-id 6ad96b2b-eca8-4efa-bebb-97d123a7bf87 cirros_vm
[root@osnode2 nova(keystone_admin)]# neutron port-show 6ad96b2b-eca8-4efa-bebb-97d123a7bf87
+-----------------------+-------------------------------------------------------------------------------------+
| Field                 | Value                                                                               |
+-----------------------+-------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                |
| allowed_address_pairs |                                                                                     |
| binding:host_id       | osnode2                                                                             |
| binding:profile       | {}                                                                                  |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                      |
| binding:vif_type      | ovs                                                                                 |
| binding:vnic_type     | normal                                                                              |
| device_id             | d6221cd5-1e02-4759-9412-1f238b511667                                                |
| device_owner          | compute:None                                                                        |
| extra_dhcp_opts       |                                                                                     |
| fixed_ips             | {"subnet_id": "42d6b5a9-b415-41db-911e-89956df77852", "ip_address": "192.168.0.17"} |
| id                    | 6ad96b2b-eca8-4efa-bebb-97d123a7bf87                                                |
| mac_address           | fa:16:3e:da:cd:b6                                                                   |
| name                  |                                                                                     |
| network_id            | e98cdc79-f385-498e-be99-5bf879f26741                                                |
| security_groups       | 85ee063b-f688-45ad-b35c-a2f102943d32                                                |
| status                | ACTIVE                                                                              |
| tenant_id             | f32c4fd3c6524d1da40762071934b583                                                    |
+-----------------------+-------------------------------------------------------------------------------------+