Enable AAD RBAC

[TomAugspurger]

Description

Updates the AKS cluster to use AKS-managed Azure AD integration for RBAC.

This probably requires an updated azuerm provider (the latest is 3.15.1) for the azure_rbac_enabled block to work.

Previously we added the kube context to the default kubeconfig. It looks like the kubelogin tool isn't able to target specific clusters, so I've updated the deployment to write to a local file and exported a KUBECONFIG environment variable pointing to it. I think this will affect how you view this cluster in tools like Lens. You might need to manually add that cluster by pointing to the kubeconfig path.

Is also possible that this will fail until we find the right AAD roles needed for the service principal to do everything (some Kubernetes resources aren't accessible with what seem to be the default permissions)

[TomAugspurger]

I've (hopefully) granted the right Azure AD permissions to the service principal configured in GitHub secrets for the deployment to succeed. I suspect that that's only on merges to main.

[mmcfarland]

I deployed the pctest staging stack with this branch and successfully brought up the cluster with RBAC enabled, and connected to it with my client tools.