Fix validation of dns-service-ip in command aks create, so that people won't create broken AKS clusters

[JohnRusk]

Describe the bug There is missing validation on the dns-service-ip parameter in the command az aks create. The CLI does not do the same validation as the Azure portal. The portal does the right thing: it only lets it be used with CNI networking, and it prevents the use of 10.0.0.0 which is not a valid value. The CLI should do the same validation, because otherwise people can create AKS clusters that don't work properly.

To Reproduce Use az aks create to choose Kubnet networking and supply any dns-service-ip. Compare with Azure Portal where that is not allowed.

Use az aks create to choose CNI networking and supply dns-service-ip=10.0.0.0. Compare with Azure Portal where you must supply a value different from 10.0.0.0 when using CNI networking.

Expected behavior Same validation as Azure portal, as described above.

Additional context

Internal IcM number is 211356600

[ghost]

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @Azure/aks-pm.

[yonzhan]

aks