This contains high priority active security things to adopt trusted
launch, and managed identity rather than SAS tokens when minting the
images, and 1ES Hosted Pools.
Some instructions are rough around the edges because I'm not sure
everything is repeatable yet while this is all in flux...