kubernetes-sigs / azuredisk-csi-driver

Azure Disk CSI Driver
Apache License 2.0

k8s community infra migration: CI tests must use workload identity #2413

Closed jackfrancis closed 3 weeks ago

jackfrancis commented 1 month ago

As a requirement of the migration of Azure tests to the new Azure-sponsored community prow infra environment, we won't be able to leverage secrets (e.g., passwords) during CI runs.

azuredisk-csi-driver seems to use service principal + secrets for all of its E2E scenarios:

Documentation suggests that the project has first-class support for workload identity:

In order to continue running E2E tests after the community infra migration (deadline is 1 August), we'll need to update the test implementation to use workload identity instead of service principal secrets.

Here are the relevant large CAPZ PRs that did this work in CAPZ:

This is the new environment variable configuration that we expect to ship to prow jobs as part of the conversion:

Note that the AZURE_CLIENT_ID reference above is the user-assigned ID.

dtzar commented 1 month ago

Related to #2410

andyzhangx commented 1 month ago

/assign @cvvz