feat(m365): Use Managed Identity for Getting Application Certificate in Container

[jacdavi]

🗣 Description

Based on new features from Microsoft, this changes how we get the application's certificate inside the container.
With this change, we now use a User-Managed Identity to access key vault instead of passing the certificate as a secure environment variable.
This was previously unsupported when deploying in a vnet.

This also removes a configuration option for certificate expiration.
We no longer need to rotate frequently since the certificate remains in key vault, so the expiration is fixed at 1 year.

This also updates our terraform providers to the latest versions (needed for identities to work).

• Requires adding subscription ID to provider
• Some minor variable name changes
• Requires updating storage references (IDs used to be URLs, but aren't anymore)

💭 Motivation and context

Previously we were passing the application certificate as a secure environment variable to the container.
This was not ideal, and had increased the risk of the certificate being leaked.
Since Microsoft has now added supported for using a Managed Identity inside an Azure Container Instance behind a vnet, this PR switches to using that for key vault access.

🧪 Testing

Tested in westus2 with and without a vnet and verified certificate installed in the container

[jacdavi]

FYI @MichaelHicks-MSFT and @eagbaya

Everything should be good to go, though I'd like to test in GCC High and confirm Microsoft's update has rolled out to all regions before merging.

[jacdavi]

Removing the blocked label. While we have not heard confirmation from MS that the feature has been fully rolled out, we have not encountered any issues in any of the regions we have tested in and the rollout was originally planned to be finished in March