feat: EncryptionAtHost support(cherry-pick to branch aks-release-v0.47.0-1)

[andyzhangx]

Reason for Change:

Ported from PR: #3041

This PR is actually a place holder, it's mainly for AKS to support EncryptionAtHost(Enable Encryption at Host support for VM/VMSS) (JEDI requirement) which is going to be in private preview late this month.

EncryptionAtHost functionality actually does not work by this PR since it depends on

• go sdk ready and upgrade to supported go sdk version
• EncryptionAtHost feature on public regions ready
• subs whitelist

Will make it work when the above 3 requirements are fullfilled.

Issue Fixed:

Requirements:

• uses conventional commit messages
• includes documentation
• adds unit tests
• tested upgrade from previous version

Notes:

/assign @xuto2
cc @jluk

[andyzhangx]

I was wrong, we still need this field in aks-engine agent pool

---

Below are the work flow:

1. az aks create --aks-custom-headers EncryptionAtHost=true
2. aks rp do the validation and check whether current vm size in agent pool supports EncryptionAtHost, if yes, set agentPool.EncryptionAtHost=true
3. set EncryptionAtHost flag in ARM template according to agentPool.EncryptionAtHost value