cluster-api-provider-bringyourownhost
Management Cluster should not need network reachability to each host
Describe the solution you'd like

At the moment, we assume that the management cluster can reach each host registered. There are 2 places that we know of at the moment where it's true:
- We try to retrieve the ProviderID from the host
- The Machine Health Checks must be connecting to the host to find out if it needs remediation.
We should remove this dependency. As @yixingjia put it:

> We should always try to avoid accessing the workload cluster directly from the mgmt cluster, and let the agent report its status instead. Most edge-style solutions just follow this kind of method.

This will allow users to deploy a management cluster in the public cloud, and deploy hosts in a private network, and not have to punch firewall holes to get this to work.