read aks with needed properties and read them locally for des role assignment #1079

Merged: zqingqing1 merged 12 commits into main from qizhe/fix-data-read on Feb 28, 2026
zqingqing1 (Member) commented Feb 26, 2026

This PR is mainly to address this issue: https://dev.azure.com/akstelescope/telescope/_build/results?buildId=55671&view=results

When getting AKS, if some properties are nil in the agent pool profile, flattening them into the managed cluster could hit a nil pointer panic. In this PR, we only need to get the properties we care about, without getting the whole MC body.

│ Error: Request cancelled

│ with module.aks-cli["nap"].data.azurerm_kubernetes_cluster.aks[0],
│ on aks-cli/main.tf line 300, in data "azurerm_kubernetes_cluster" "aks":
│ 300: data "azurerm_kubernetes_cluster" "aks" {

│ The plugin.(*GRPCProvider).ReadDataSource request was cancelled.

Stack trace from the terraform-provider-azurerm_v4.42.0_x5 plugin:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x55f413b]

goroutine 4768 [running]:
github.com/hashicorp/terraform-provider-azurerm/internal/services/containers.flattenKubernetesClusterDataSourceAgentPoolProfiles(0xc000017170?)
github.com/hashicorp/terraform-provider-azurerm/internal/services/containers/kubernetes_cluster_data_source.go:1232 +0x85b
github.com/hashicorp/terraform-provider-azurerm/internal/services/containers.dataSourceKubernetesClusterRead(0xc000017170, {0x7295fa0?, 0xc0021d2008?})
github.com/hashicorp/terraform-provider-azurerm/internal/services/containers/kubernetes_cluster_data_source.go:789 +0x103e

test ran: https://dev.azure.com/akstelescope/telescope/_build/results?buildId=55817&view=results

Copilot AI (Contributor) left a comment

Pull request overview

This PR mitigates a Terraform azurerm provider panic when reading full AKS managed cluster state (notably around nil agent pool profile fields) by avoiding the azurerm_kubernetes_cluster data source where only a small subset of identity fields/IDs are needed for role assignments.

Changes:

  • Replaced AKS read for DES role assignments with an azapi_resource data read that exports only identity and properties.identityProfile.
  • Derived AKS and Resource Group IDs locally (via subscription ID + names) to avoid full AKS/RG data-source reads in the VM module.
  • Added an aks-cli module versions.tf declaring azurerm/azapi as required providers.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| modules/terraform/azure/virtual-machine/main.tf | Builds RG/AKS resource IDs locally and uses them for VM AKS integration role assignments, removing full AKS/RG data-source reads. |
| modules/terraform/azure/aks-cli/versions.tf | Declares required Terraform and providers for aks-cli (azurerm + azapi). |
| modules/terraform/azure/aks-cli/main.tf | Uses azapi_resource to fetch only the minimal AKS identity payload needed for DES role assignments and adds defensive parsing + clearer failure errors. |
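
The pattern the review above describes, as an added sketch that is not the PR's own code. The variable, local and output names, the API version, and the object-style `output` access (azapi provider 2.x) are assumptions.

```hcl
# Added illustration; all names below are hypothetical.
variable "subscription_id" { type = string }
variable "resource_group_name" { type = string }
variable "aks_name" { type = string }

locals {
  # Build ARM IDs from known inputs instead of reading the RG and the cluster.
  resource_group_id = "/subscriptions/${var.subscription_id}/resourceGroups/${var.resource_group_name}"
  aks_id            = "${local.resource_group_id}/providers/Microsoft.ContainerService/managedClusters/${var.aks_name}"
}

data "azapi_resource" "aks_identity" {
  # API version is an assumption; pin the one the module actually targets.
  type      = "Microsoft.ContainerService/managedClusters@2024-02-01"
  name      = var.aks_name
  parent_id = local.resource_group_id

  # Export only the identity fields, so agent pool profiles are never
  # flattened by the provider.
  response_export_values = ["identity", "properties.identityProfile"]
}

locals {
  # try() turns a missing branch into null instead of a plan-time error.
  cluster_principal_id = try(data.azapi_resource.aks_identity.output.identity.principalId, null)
  kubelet_object_id    = try(data.azapi_resource.aks_identity.output.properties.identityProfile.kubeletidentity.objectId, null)
}

output "cluster_principal_id" {
  value = local.cluster_principal_id

  # Fail with a readable message rather than passing null to a role assignment.
  precondition {
    condition     = local.cluster_principal_id != null
    error_message = "AKS cluster ${var.aks_name} returned no identity.principalId; cannot create the DES role assignment."
  }
}

output "kubelet_object_id" {
  value = local.kubelet_object_id
}
```

Clusters that use a user-assigned identity do not populate `identity.principalId`, so the precondition fires there by design instead of producing an empty principal.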

@zqingqing1 zqingqing1 merged commit b6d00d4 into main Feb 28, 2026
59 checks passed
@zqingqing1 zqingqing1 deleted the qizhe/fix-data-read branch February 28, 2026 01:37