application-gateway-kubernetes-ingress
Restrict the permissions for `ingressapplicationgateway-<clustername>` User Managed Identity
Is your feature request related to a problem? Please describe.
When using the AGIC addon, a managed identity called `ingressapplicationgateway-<cluster>` is automatically created with a Contributor role assignment at the Resource Group level.
I couldn't find where this behavior is documented, other than that we should grant it Network Contributor, although it already has Contributor.
Describe the solution you'd like
Either restrict the role assignment and use Network Contributor or grant us a way to specify which Managed Identity is used instead of automatically creating one and instead of automatically assigning it a Contributor role.