AKS platform integrations can use the replicator service principal for Azure RBAC integration for AKS.
This only works if the replicator role and its assignment are on a scope that includes the subscription where the AKS cluster lives.
But AKS clusters usually live in subscriptions that are not managed by meshStack, as they are part of the landing zone architecture.
To follow least privilege, the platform integration for AKS should deploy its own service principal and roles on the subscription that hosts the cluster.
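
The scope condition described above can be checked mechanically. The following Python sketch is an added example, not meshStack code: it decides whether a role assignment scope is inherited by an AKS cluster and whether it is broader than the cluster's subscription. All subscription IDs, management group names and resource names are constructed, and the management-group-to-subscription map is assumed to be already flattened.

```python
# Added example: every ID and management group name below is constructed.
MG_PREFIX = "/providers/microsoft.management/managementgroups/"

def _segments(scope):
    # Azure resource IDs are case-insensitive, so compare lowercased segments.
    return [s for s in scope.lower().split("/") if s]

def scope_covers(assignment_scope, resource_id, mg_subscriptions):
    """True if a role assignment at assignment_scope is inherited by resource_id.

    mg_subscriptions maps a management group name to the subscription IDs
    beneath it, already flattened over nested groups (an assumption here).
    """
    scope = assignment_scope.lower().rstrip("/")
    if scope == "":                      # tenant root scope "/"
        return True
    target = _segments(resource_id)
    if scope.startswith(MG_PREFIX):
        # Management group scope: covered only if the cluster's subscription is a member.
        sub = target[1] if target[:1] == ["subscriptions"] and len(target) > 1 else None
        members = {m.lower(): {s.lower() for s in subs}
                   for m, subs in mg_subscriptions.items()}
        return sub in members.get(scope[len(MG_PREFIX):], set())
    # Segment-wise prefix match, so resource group "rg" does not cover "rg-aks".
    own = _segments(scope)
    return target[:len(own)] == own

def classify(assignment_scope, cluster_id, mg_subscriptions):
    if not scope_covers(assignment_scope, cluster_id, mg_subscriptions):
        return "no-access"               # RBAC integration cannot work
    if _segments(assignment_scope)[:1] == ["subscriptions"]:
        return "least-privilege"         # subscription scope or narrower
    return "broader-than-needed"         # management group or root scope

SUB_MESH = "11111111-1111-1111-1111-111111111111"   # managed by meshStack
SUB_LZ = "22222222-2222-2222-2222-222222222222"     # landing zone, hosts AKS
GROUPS = {"meshstack-managed": {SUB_MESH}, "all": {SUB_MESH, SUB_LZ}}
CLUSTER = (f"/subscriptions/{SUB_LZ}/resourceGroups/rg-aks/providers/"
           "Microsoft.ContainerService/managedClusters/aks-prod")
MG = "/providers/Microsoft.Management/managementGroups/"

if __name__ == "__main__":
    for scope in (MG + "meshstack-managed", MG + "all",
                  f"/subscriptions/{SUB_LZ}",
                  f"/subscriptions/{SUB_LZ}/resourceGroups/rg"):
        print(f"{classify(scope, CLUSTER, GROUPS):20} {scope}")
```
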