Provision HA microk8s node to act as external ingress (#3025)
Currently, every microk8s node serves as external ingress (see the `microk8s_ingress_ext_addrs` setting). This poses issues with Cloudflare [zero-downtime failover](https://developers.cloudflare.com/fundamentals/basic-tasks/protect-your-origin-server/#zero-downtime-failover). When we have 3 wato-kube nodes and 1 wato-aks node register the same DNS entry, and the wato-kube cluster goes down (perhaps a power outage), zero-downtime failover usually results in timeout because it only fails over once and 3 nodes are down.

This PR makes it so that the entire wato-kube cluster is treated as a single failure domain. Now wato-kube and wato-aks each has one DNS entry, and zero-downtime failover should work as expected. I manually tested this when wato-kube was down and it worked well.

Because of the small size of the ha node, naturally only the necessary daemonsets are using it. We'll add an explicit taint in the future if this causes issues.

Also documented the entire process of provisioning a new microk8s node.

Resolves #2764