[sled-agent] Don't implicitly create datasets when launching zones

[jgallagher]

We should fix this either as a part of landing sled-agent-config-reconciler (#8064) or shortly thereafter.

---

This requires invasive changes in ServiceManager. I left this comment as a breadcrumb:

omicron/sled-agent/config-reconciler/src/sled_agent_facilities.rs

Lines 34 to 37 in 03081e1

	// TODO-cleanup This is implemented by
	// `ServiceManager::start_omicron_zone()`, which does too much; we should
	// absorb some of its functionality and shrink this interface. We definitely
	// should not need to pass the full list of U2 zpools.

I think what ought to happen is:

• start_zones_if_needed takes the current set of dataset ensure results (or the most recent one, if we failed to contact the dataset task; I think this is still okay)
• start_zones_if_needed checks the result of ensuring the zone's filesystem_pool and (if relevant) durable dataset, and refuses to start the zone if the dataset failed to ensure
• if the dataset(s) did ensure successfully, it calls out to ServiceManager, but no longer passes all_u2_pools; instead, ServiceManager should use the specific datasets the zone config specifies instead of choosing on its own and/or creating them with no quota if they don't exist

Originally posted by @jgallagher in #8162 (comment)