Story
Resolution: Won't Do
Currently, the destroy cluster command will attempt to delete any cluster with a non-none platform where the metadata.json file exists.
Due to PR #1070, metadata.json is created during the create ignition-configs phase, and thus UPI clusters can be destroyed with destroy cluster. This appears to be an unintentional side-effect of the change, and seems unsafe in general as we don't know what the infrastructure is in a UPI cluster. CI tests are not relying on destroy cluster to tear down UPI clusters, and nobody else should be either.
In Azure we validate that the Resource Group supplied by the user is empty, because if it were not then destroy cluster (which deletes the whole Resource Group) would unexpectedly delete non-cluster resources. Because destroy cluster works as soon as the Metadata is created, we must perform this validation at the latest during create ignition-configs.
For ARO's purposes we want to move this validation later, into the PlatformProvisionCheck asset that is only created during create cluster. To make it safe to do so, we should allow destroy cluster to run only if the PlatformProvisionCheck asset is present in the asset store. If it is not present then no infrastructure can have been created by the installer, so there should be nothing for destroy cluster to do.
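A sketch of the proposed guard follows. It is an added example, not installer code: the store file name asset_store.json, the key format, and the helper names DestroyAllowed and writeDemo are assumptions, and the sample files are constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// Assumed names: the page gives neither the asset store's file name nor its key format.
const metadataFile = "metadata.json"
const storeFile = "asset_store.json"          // hypothetical store file
const provisionAsset = "PlatformProvisionCheck" // key assumed equal to the asset name
var ErrNothingProvisioned = errors.New("PlatformProvisionCheck absent: nothing for destroy cluster to do")

// DestroyAllowed returns nil only when the store shows create cluster reached provisioning.
func DestroyAllowed(dir string) error {
	if _, err := os.Stat(filepath.Join(dir, metadataFile)); err != nil {
		return fmt.Errorf("no cluster metadata: %w", err)
	}
	raw, err := os.ReadFile(filepath.Join(dir, storeFile))
	if err != nil { // fail closed: an unreadable store is not evidence of provisioning
		return fmt.Errorf("asset store unreadable: %w", err)
	}
	assets := map[string]json.RawMessage{}
	if err := json.Unmarshal(raw, &assets); err != nil {
		return fmt.Errorf("asset store corrupt: %w", err)
	}
	if v, ok := assets[provisionAsset]; !ok || string(v) == "null" {
		return ErrNothingProvisioned
	}
	return nil
}

// writeDemo writes constructed sample files standing in for an installer asset directory.
func writeDemo(dir, store string) error {
	meta := os.WriteFile(filepath.Join(dir, metadataFile), []byte(`{"infraID":"demo"}`), 0o600)
	return errors.Join(meta, os.WriteFile(filepath.Join(dir, storeFile), []byte(store), 0o600))
}

func main() {
	dir, _ := os.MkdirTemp("", "assets")
	defer os.RemoveAll(dir)
	writeDemo(dir, `{"InstallConfig":{}}`) // state after create ignition-configs
	fmt.Println("ignition-configs only:", DestroyAllowed(dir))
	writeDemo(dir, `{"InstallConfig":{},"PlatformProvisionCheck":{}}`) // state after create cluster
	fmt.Println("create cluster ran:", DestroyAllowed(dir))
}
```

The guard fails closed: a missing, unreadable or corrupt store blocks the destroy just as an absent PlatformProvisionCheck entry does.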