Migrate custom Key Vault resource to azidentity

[thomas11]

This PR ended up having three distinct but related parts to it.

1. Migrate the custom KV resource to the new azidentity backend. We need to preserve the previous one because it uses a special Autorest authorizer for Key Vault.
2. Use a Key Vault secret in the azure-in-azure integration test. KV secrets need a different authentication audience/scope in the access token and we want to cover this case.
3. A fix that affects master as well: the azure-in-azure test didn't use the correct environment variable for the new backend toggle.

Green run of the azcore workflow using the new backend

Fixes #2432

[github-actions]

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

[codecov]

Codecov Report

Attention: Patch coverage is 37.87879% with 41 lines in your changes missing coverage. Please review.

Project coverage is 57.28%. Comparing base (7060a50) to head (190ff02).
Report is 1 commits behind head on master.

Files with missing lines	Patch %	Lines
...ources/customresources/custom_keyvault_autorest.go	17.14%	27 Missing and 2 partials ⚠️
...r/pkg/resources/customresources/custom_keyvault.go	15.38%	11 Missing ⚠️
provider/pkg/provider/provider.go	66.66%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3664      +/-   ##
==========================================
- Coverage   57.43%   57.28%   -0.15%     
==========================================
  Files          70       72       +2     
  Lines       11131    11180      +49     
==========================================
+ Hits         6393     6405      +12     
- Misses       4257     4292      +35     
- Partials      481      483       +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[pulumi-bot]

This PR has been shipped in release v2.70.0.