[Key Vault] Implement 7.3-preview with secure key release #18055

Merged: 11 commits, Apr 16, 2021

@mccoyp (Member) commented Apr 15, 2021

Resolves #13562.

This implements the changes for service version 7.3-preview and makes this API version the default. Functional tests for the added key export and key release operations are pending service support and required resource configuration, respectively. Due to a behavior change with key import on vaults, tests that import keys are temporarily pinned to 7.2-preview.

@mccoyp added the KeyVault and Client labels Apr 15, 2021
@mccoyp requested review from heaths, chlowell and schaabs April 15, 2021 01:16
@check-enforcer

This pull request is protected by Check Enforcer.

What is Check Enforcer?

Check Enforcer helps ensure all pull requests are covered by at least one check-run (typically an Azure Pipeline). When all check-runs associated with this pull request pass then Check Enforcer itself will pass.

Why am I getting this message?

You are getting this message because Check Enforcer did not detect any check-runs being associated with this pull request within five minutes. This may indicate that your pull request is not covered by any pipelines and so Check Enforcer is correctly blocking the pull request being merged.

What should I do now?

If the check-enforcer check-run is not passing and all other check-runs associated with this PR are passing (excluding license-cla) then you could try telling Check Enforcer to evaluate your pull request again. You can do this by adding a comment to this pull request as follows:
/check-enforcer evaluate
Typically evaluation only takes a few seconds. If you know that your pull request is not covered by a pipeline and this is expected you can override Check Enforcer using the following command:
/check-enforcer override
Note that using the override command triggers alerts so that follow-up investigations can occur (PRs still need to be approved as normal).

What if I am onboarding a new service?

Often, new services do not have validation pipelines associated with them. In order to bootstrap pipelines for a new service, you can issue the following command as a pull request comment:
/azp run prepare-pipelines
This will run a pipeline that analyzes the source tree and creates the pipelines necessary to build and validate your pull request. Once the pipeline has been created you can trigger the pipeline using the following comment:
/azp run python - [service] - ci

@mccoyp (Member, Author) commented Apr 15, 2021

/check-enforcer reset

@mccoyp (Member, Author) commented Apr 15, 2021

/check-enforcer evaluate

@chlowell (Member) commented

/azp run python - keyvault - ci

@azure-pipelines

Azure Pipelines failed to run 1 pipeline(s).

@heaths (Member) left a comment

I left a few comments on the 32199ca commit. We should change the shape a little based on those comments, but overall it looks good. I think this is fine as-is for now to unblock the CLI/PS.


:param str name: The name of the key to export.
:param str version: A specific version of the key to export.
:param parameters: The parameters for the export operation.
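
Review bot: the `:param parameters:` entry gives no type, while `name` and `version` are both typed `str`; name the type of the parameters object here so callers know what to construct. The `version` entry also does not say whether it may be omitted or what is exported when it is, which is worth stating in the same line.
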
Member

We might want to include the name and version in the parameters, rather than all three. In fact, in .NET we'd have to change the order anyway, since version is optional and we can't have required parameters after optional parameters. But looking at similar cases, we tend to just consolidate into an "options" or "parameters" (in this case, since it's required, probably the latter) parameter.

Member Author

The remaining parameters are all optional according to the latest swagger changes so I think it makes the most sense to make them kwargs here and drop the class. For other languages that use a parameter object pattern, it might make more sense to move the key name/version into KeyExportParameters, like you said.

Member

We actually hoist up some optional parameters like version because they are important and common. We do that in other APIs. Maybe not parameters, but it's something to discuss further in the channel. For now, not blocking.

# type: (str, **Any) -> None
self.environment = environment
self.algorithm = kwargs.get("algorithm", None)
self.nonce = kwargs.get("nonce", None)
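
Review bot: `algorithm` and `nonce` are read with `kwargs.get`, so a misspelled keyword argument is silently ignored and the attribute stays `None` with no error. Consider `kwargs.pop` for each supported keyword and rejecting anything left over, and document both keywords and what a `None` value means for the request. The explicit `None` default in `kwargs.get("nonce", None)` is redundant.
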
Member

If not passed, we probably should generate one.

@chlowell (Member) commented

/azp run python - keyvault - ci

@azure-pipelines

Azure Pipelines successfully started running 1 pipeline(s).

@chlowell (Member) left a comment

Looks good to me. I left a few initial comments we can revisit later, none of them block a private preview.

@mccoyp merged commit 41e9abc into Azure:feature/keyvault-7_3-preview Apr 16, 2021
@mccoyp deleted the 73-preview branch April 16, 2021 19:19

3 participants