maxSurge 0 / need to avoid parallel downscaling of MDs (and CP)

This issue is somehow related to #2371; however:

  • #2371 if fixed, would avoid having a long time where MDs are all scaled down at the same time
  • #2371 if fixed, would not avoid having all the MDs being roll-updated at the same time (which with maxSurge 0, which is typical in baremetal scenarios, means being scaled down at the same time)

Having all MDs being scaled down at the same time may cause a dimensioning problem (all availability questions can be addressed by having proper PDBs, but dimensioning may be tougher).

It is important to have in mind that on baremetal, we can have the need to define multiple MDs to address hardware heterogeneity, with the need to deploy a given workload across nodes of multiple MDs.

This issue is about the topic of seeing if we can find a way to let the user express the desire to "not have more than nodes not being down at the same time", or probably "not have more than nodes matching a given label not being down at the same time".

One implementation option could be a "MachineDisruptionBudget" CRD via which users would indicate that no more than machines matching a given label can be down; the operator in charge of this CRD would orchestrate CAPI MachineDeployments via their spec.paused field to pause/resume MD node rolling update to ensure that MachineDisruptionBudgets are respected. We would also need a way to interact with CP Machines.

(this reflects a brainstorm we've had together with @feleouet)
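
A sketch of the pause/resume decision such an operator could make, added here as an illustration and not taken from the issue or from CAPI code. The `Budget` and `MD` types, `PlanPaused`, the `pool` label and the budget value are hypothetical; it assumes each MD rolls with maxSurge 0 and maxUnavailable 1, and treats list order as rollout priority.

```go
package main

import "fmt"

// Budget is a hypothetical MachineDisruptionBudget: one label plus a limit.
type Budget struct {
	LabelKey, LabelValue string
	MaxUnavailable       int // machines allowed down at once (constructed value)
}

// MD holds the MachineDeployment fields the decision needs (simplified).
type MD struct {
	Name            string
	Labels          map[string]string
	Replicas, Ready int
	NeedsRollout    bool // template changed, machines still to replace
}

// PlanPaused returns the spec.paused value to set on each MD the budget covers.
// Assumes every MD rolls with maxSurge 0 and maxUnavailable 1.
func PlanPaused(b Budget, mds []MD) map[string]bool {
	plan, used := map[string]bool{}, 0
	for _, md := range mds {
		if md.Labels[b.LabelKey] == b.LabelValue {
			used += md.Replicas - md.Ready // machines already down
		}
	}
	for _, md := range mds {
		if md.Labels[b.LabelKey] != b.LabelValue {
			continue // not covered by this budget
		}
		cost := 0
		if md.NeedsRollout && md.Replicas == md.Ready {
			cost = 1 // resuming this MD takes one more machine down
		}
		plan[md.Name] = md.NeedsRollout && used+cost > b.MaxUnavailable
		if !plan[md.Name] {
			used += cost
		}
	}
	return plan
}

func main() {
	hw := map[string]string{"pool": "workers"} // constructed sample data
	mds := []MD{{"md-a", hw, 3, 3, true}, {"md-b", hw, 3, 3, true}}
	fmt.Println(PlanPaused(Budget{"pool", "workers", 1}, mds))
}
```

Re-running the plan on every Machine status change lets a paused MD resume once the machine replaced in another MD is Ready again.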
