clusterctl move can blow up workload clusters

[magicite]

This might be related to #931.

I tried doing a clusterctl move today as part of a demonstration to others, intending to manually work through the issues in #931, but this time the end result is my workload cluster machines got wiped instead. Here's what I think happened:

1. Started the move, which hit the issues as per clusterctl move misses objects, data in objects, and results in reboot of workload cluster #931
2. In the bootstrap cluster, the [Metal]Machines resources disappeared but the Servers resources remained.
3. One of the bootstrap cluster controllers sees that the Servers have been accepted yet are dirty and unallocated (because the [Metal]Machines are gone), thus, it worked to clean/reboot them
4. Because I hadn't yet updated my DHCP server to point to the new tftp server that is soon to be running on the workload cluster, my workload machines pxe booted from the bootstrap cluster
5. The bootstrap cluster directs the pxe booting workload machines to wipe the disks.

It seems during a move operation, perhaps bootstrap controllers should be disengaged or some other safety mechanism should be enabled.