Always run kube-apiserver on port 6443 (internally)

[dghubble]

• Require bootstrap-kube-apiserver and kube-apiserver components listen on port 6443 (internally) to allow kube-apiserver pods to run with lower user privilege
• Remove variable apiserver_port. The kube-apiserver listen port is no longer customizable.
• Add variable external_apiserver_port to allow architectures where a load balancer fronts kube-apiserver 6443 backends, but listens on a different port externally. For example, Google Cloud TCP Proxy load balancers cannot listen on 6443