Draft: Use Managed Identity for Getting Application Certificate in Container

[jacdavi]

🗣 Description

Based on new features from Microsoft, this changes how we get the application's certificate inside the container.
With this change, we now use a User-Managed Identity to access key vault instead of passing the certificate as a secure environment variable.
This was previously unsupported when deploying in a vnet.

This also removes a configuration option for certificate expiration.
We no longer need to rotate frequently since the certificate remains in key vault, so the expiration is fixed at 1 year.

This also updates our terraform providers to the latest versions (needed for identities to work).

• Requires adding subscription ID to provider
• Some minor variable name changes
• Requires updating storage references (IDs used to be URLs, but aren't anymore)

💭 Motivation and context

Previously we were passing the application certificate as a secure environment variable to the container.
This was not ideal, and had increased the risk of the certificate being leaked.
Since Microsoft has now added supported for using a Managed Identity inside an Azure Container Instance behind a vnet, this PR switches to using that for key vault access.

🧪 Testing

Tested in westus2 with and without a vnet and verified certificate installed in the container

Draft

This is currently a draft as we wait for Microsoft to fully roll out the update to all US commercial and GCC high regions

[jacdavi]

FYI @MichaelHicks-MSFT and @eagbaya

Everything should be good to go, though I'd like to test in GCC High and confirm Microsoft's update has rolled out to all regions before merging.