Use Key Vault secrets instead of cert-manager secret in AKS cluster

[ghidalgo3]

Description

We can no longer use cert-manager and instead the TLS certificate used by the cluster for HTTPS calls must come from a key vault and be made available in the NGINX pods. The certificates were created manually, the changes in this PR are to update AKS to be able to use Key Vault certificates in pods.

There is some unexplained behavior with the NGINX ingress controller where it would not match hosts to TLS certs correctly and the only way to make the ingress controller use the correct cert was to set it as the default. This is not desirable, but it is working and one day will be fixed.

Fixes # (issue)

Type of change

Please delete options that are not relevant.

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)

How Has This Been Tested?

Deployed to planetarycomputer-test.microsoft.com.

Checklist:

Please delete options that are not relevant.

• I have performed a self-review

[TomAugspurger]

Looks good overall.

For the jsonschema stuff, I think you'll need to either upgrade pystac or pin jsonschema. See stac-utils/pystac#1186 and linked issues.