
Azure Databricks all-in-template for private link needs to have AzureDatabricks service tag removed from the NSG definition.

Open brucenelson6655 opened this issue 1 year ago • 1 comments


[databricks-all-in-one-template-for-vnet-injection-privateendpoin]

Issue Details

According to the Azure Databricks Private Link documentation, setting requiredNsgRules to NoAzureDatabricksRules omits the NSG security rules that are otherwise necessary to reach the control plane (i.e. without private link).

However, when deploying the linked all-in-one template with the parameter value NoAzureDatabricksRules, the NSG deployed does have the same security rules.

Repro steps

  1. Create an Azure Databricks WS with private link and NoAzureDatabricksRules for the NSG.
  2. Observe that even though NoAzureDatabricksRules was selected, the AzureDatabricks service tag remains in the NSG.

If you remove the service tag from the ARM template, the WS builds correctly.

brucenelson6655 Jan 16 '24 05:01

The specific change that is needed is to update the ARM template to remove the AzureDatabricks service tag definition.

brucenelson6655 Jan 16 '24 07:01
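A pre-deployment check for the mismatch reported in this issue, added here as an example; it is not code from the issue or from the quickstart repository. It assumes the ARM template is available as JSON and that `requiredNsgRules` is either a literal or a plain `[parameters('...')]` reference; the sample template, its resource names and its rule names are constructed.

```python
import json
import re

PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")

# Constructed sample, not the quickstart template itself; resource and rule names are made up.
SAMPLE = json.loads("""{
 "parameters": {"requiredNsgRules": {"type": "string", "defaultValue": "AllRules"}},
 "resources": [
  {"type": "Microsoft.Network/networkSecurityGroups", "name": "example-nsg",
   "properties": {"securityRules": [
    {"name": "example-to-control-plane", "properties": {
      "direction": "Outbound", "destinationAddressPrefix": "AzureDatabricks"}},
    {"name": "example-to-sql", "properties": {
      "direction": "Outbound", "destinationAddressPrefix": "Sql"}}]}},
  {"type": "Microsoft.Databricks/workspaces", "name": "example-ws",
   "properties": {"requiredNsgRules": "[parameters('requiredNsgRules')]"}}]}""")

def resolve(value, template, supplied):
    """Resolve a literal or a plain [parameters('x')] reference; other expressions pass through."""
    m = PARAM_REF.match(value) if isinstance(value, str) else None
    if not m:
        return value
    default = template.get("parameters", {}).get(m.group(1), {}).get("defaultValue")
    return supplied.get(m.group(1), default)

def tagged_rules(template, tag="AzureDatabricks"):
    """Return 'nsg/rule' names whose source or destination uses the service tag."""
    hits = []
    for res in template.get("resources", []):
        if res.get("type") != "Microsoft.Network/networkSecurityGroups":
            continue
        for rule in res.get("properties", {}).get("securityRules", []):
            p = rule.get("properties", {})
            prefixes = [p.get("sourceAddressPrefix"), p.get("destinationAddressPrefix")]
            prefixes += p.get("sourceAddressPrefixes", []) + p.get("destinationAddressPrefixes", [])
            if tag in prefixes:
                hits.append(f"{res['name']}/{rule['name']}")
    return hits

def check(template, supplied=None):
    """Offending rules if any workspace resolves to NoAzureDatabricksRules, else []."""
    modes = [resolve(r.get("properties", {}).get("requiredNsgRules"), template, supplied or {})
             for r in template.get("resources", [])
             if r.get("type") == "Microsoft.Databricks/workspaces"]
    return tagged_rules(template) if "NoAzureDatabricksRules" in modes else []

if __name__ == "__main__":
    print(check(SAMPLE, {"requiredNsgRules": "NoAzureDatabricksRules"}))
```

A non-empty result means the template would deploy NSG rules that reference the AzureDatabricks service tag even though the workspace was asked for NoAzureDatabricksRules, which is the condition described in the repro steps.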