Azure fixes - setting correct client ids

[HairyMike]

There are a couple of changes in this PR I made to enable a smooth install on azure aks:

• position of az aks get credentials seemed wrong in the bootstrap script as its trying to create a manifest before it has the creds
• the $AZURE_CLIENT_ID used during az login in the pre/post hooks contains the full resource id in azure, not the user managed identity's client id. Changed to pull it from the values file
• the azure secret provider class needs to use the managed identity from the cluster's node pool

[CLAassistant]

All committers have signed the CLA.

[ceramcardle]

👍

[HairyMike]

one thing to note is that the managed identity in the node-pool's resource group lacks an access policy in the keyvault. I had to manually add this and can't see a way to provision this using the ARM template.