Support connecting to Azure Container Registry (acr) with managed identity (or similar) like Azure AKS. #433

@Sxderp

Title: Support connecting to Azure Container Registry (acr) with managed identity (or similar) like Azure AKS.

Description:
Azure AKS can connect to an ACR instance (using --attach-acr on the CLI) and have access to pull images. Azure Local / Arc AKS does not have similar functionality. The best we can do is use a service principal. Doing that is somewhat unfortunate as we now have to manage yet another object in Azure. Ideally there would be some integrated way of connecting the registry.

There's some recent work (Azure/AKS#5375) going on for Azure AKS to support a new Kubernetes feature called projected service account tokens. ACR says they already support using them (Azure/acr#828 (comment)). I'm not quite sure how it all ties together, but maybe it's a good starting point since it seems like that's going to be the "preferred" method?
