
Azure MAO CredentialRequests Missing Compute Permissions


      Description of problem:

      The CredentialsRequest for Azure AD Workload Identity is missing the disk encryption set read permission:

      - Microsoft.Compute/diskEncryptionSets/read


      Version-Release number of selected component (if applicable):

      4.14.0
      

      How reproducible:

      Every time a machine is created with a disk encryption set.


      Steps to Reproduce:

      1. Create a workload identity cluster.
      2. Create a key vault and a secret within the key vault.
      3. Create a disk encryption set and point it at the key vault; a system-assigned identity can be used.
      4. Create or modify an existing MachineSet to include the disk encryption set:

          managedDisk:
            diskEncryptionSet:
              id: /subscriptions/<subscription_id>/resourceGroups/<resource_id>/providers/Microsoft.Compute/diskEncryptionSets/<disk_encryption_set_name>

      5. Scale the MachineSet.


      Actual results:

      'failed to create vm <vm_name>:
      failure sending request for machine steven-wi-cluster-pzqvm-worker-eastus3-mfk5z:
      cannot create vm: compute.VirtualMachinesClient#CreateOrUpdate: Failure sending
      request: StatusCode=403 -- Original Error: Code="LinkedAuthorizationFailed"
      Message="The client ''55c10ba9-f891-4f42-a697-0ab283b86c63'' with object id
      ''55c10ba9-f891-4f42-a697-0ab283b86c63'' has permission to perform action
      ''Microsoft.Compute/virtualMachines/write'' on scope ''/subscriptions/<subscription_id>/resourceGroups/<resource_group>/providers/Microsoft.Compute/virtualMachines/steven-wi-cluster-pzqvm-worker-eastus3-mfk5z'';
      however, it does not have permission to perform action ''read'' on the linked
      scope(s) ''/subscriptions/<subscription_id>/resourceGroups/<resource_group>/providers/Microsoft.Compute/diskEncryptionSets/test-disk-encryption-set''
      or the linked scope(s) are invalid."'

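      A pre-flight check for the failure above, added here as an example and not code from this report or from the machine-api-operator: given the Azure actions a CredentialsRequest grants and a MachineSet providerSpec, it reports the linked-scope read permission that the VM create would be denied on, and flags a malformed disk encryption set ID (the "linked scope(s) are invalid" branch of the same error). The osDisk nesting of the field, the trimmed permissions list and the role-wildcard handling are assumptions.

```python
import re
from fnmatch import fnmatchcase
from typing import Dict, List

# Resource ID shape of a disk encryption set as referenced from
# providerSpec.osDisk.managedDisk.diskEncryptionSet.id (osDisk nesting assumed;
# the report only shows the managedDisk level downwards).
DES_ID_RE = re.compile(
    r"^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/"
    r"Microsoft\.Compute/diskEncryptionSets/[^/]+$",
    re.IGNORECASE,
)
# Action Azure evaluates on the linked DES scope in addition to virtualMachines/write.
DES_READ_ACTION = "Microsoft.Compute/diskEncryptionSets/read"


def des_id_from_spec(provider_spec: Dict) -> str:
    """Return the disk encryption set ID referenced by a MachineSet providerSpec, or ''."""
    managed = provider_spec.get("osDisk", {}).get("managedDisk", {})
    return managed.get("diskEncryptionSet", {}).get("id", "")


def action_granted(action: str, granted: List[str]) -> bool:
    """Case-insensitive match that also honours role wildcards such as 'Microsoft.Compute/*'."""
    return any(fnmatchcase(action.lower(), pattern.lower()) for pattern in granted)


def preflight_findings(granted: List[str], provider_spec: Dict) -> List[str]:
    """Explain, before the MachineSet is scaled, why the VM create would be denied."""
    des_id = des_id_from_spec(provider_spec)
    if not des_id:
        return []  # no linked DES: nothing beyond the VM permissions is evaluated
    findings = []
    if not DES_ID_RE.match(des_id):
        findings.append(f"invalid diskEncryptionSet id (linked scope is invalid): {des_id}")
    if not action_granted(DES_READ_ACTION, granted):
        findings.append(f"missing {DES_READ_ACTION} on linked scope {des_id}")
    return findings


# Constructed sample: a trimmed permissions list modelled on the report (DES read absent)
# and the disk encryption set reference taken from the error message above.
DES_ID = ("/subscriptions/<subscription_id>/resourceGroups/<resource_group>"
          "/providers/Microsoft.Compute/diskEncryptionSets/test-disk-encryption-set")
GRANTED_BEFORE_FIX = ["Microsoft.Compute/virtualMachines/write", "Microsoft.Compute/virtualMachines/read"]
GRANTED_AFTER_FIX = GRANTED_BEFORE_FIX + [DES_READ_ACTION]
SPEC_WITH_DES = {"osDisk": {"managedDisk": {"diskEncryptionSet": {"id": DES_ID}}}}

if __name__ == "__main__":
    for label, granted in (("before fix", GRANTED_BEFORE_FIX), ("after fix", GRANTED_AFTER_FIX)):
        print(label, preflight_findings(granted, SPEC_WITH_DES) or "ok")
```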

      Expected results:

      The machine is able to create and join the cluster successfully.
      

      Additional info:

      Docs about preparing disk encryption sets on Azure: https://docs.openshift.com/container-platform/4.12/installing/installing_azure/enabling-user-managed-encryption-azure.html


            Benjamin Vesel (bvesel@redhat.com)
            Huali Liu