@patrickmoore-nc patrickmoore-nc commented Apr 11, 2025

Description

  • App Service Plan module optional support for SSL certificate binding (may need Azure Policy exemption for public network access to Key Vault). This is to allow the frontend Azure Web Apps to have their public hostname and SSL certificate bindings.
  • Linux Web App module support for Custom Domain and certificate bindings, including automated DNS challenge via Hub subscription.
  • LetsEncrypt Certificates module support for certificate requests for multiple DNS domains, version pin following broken dependency issues with version 4.0.0, reduced zip verbosity.
  • Azure SQL module RBAC role data structure tidy.
  • RBAC assignment module fix to prevent RBAC role assignments in remote subscriptions being redeployed every time. Now the role name lookup scope is derived from the target (or 'scope') resource ID.

This change, one of several required in order to publish the Participant Manager and Cohort Manager frontend Azure Web Apps, has proved complex since the SSL certificates exist as entities within the App Service Plan which is a separate Terraform module from the Azure Web App module. The certificate being loaded on also originates in a different Terraform state and Azure subscription (the DTOS Hub). The custom domain binding requires a DNS challenge TXT record to be created - also in the Hub subscription, but this must be done across subscriptions within a child module. Furthermore, the certificates module and the Application Gateway module have required significant changes in order to support a gradual migration from nationalscreening.nhs.uk to screening.nhs.uk.

Linked to:

Testing

Type of changes

  • Refactoring (non-breaking change)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would change existing functionality)
  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • I am familiar with the contributing guidelines
  • I have followed the code style of the project
  • I have added tests to cover my changes
  • I have updated the documentation accordingly
  • This PR is a result of pair or mob programming

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others' privacy, we kindly ask you to NOT include PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that does contain any sensitive information. We really appreciate your cooperation in this matter.

  • I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

@patrickmoore-nc force-pushed the feat/DTOSS-8363-publish-parman-www branch from 2c08d51 to 9879ed8 on April 24, 2025 14:59
@patrickmoore-nc added this pull request to the merge queue on Apr 24, 2025
Merged via the queue into main with commit 44dca8d on Apr 24, 2025
23 checks passed
@patrickmoore-nc deleted the feat/DTOSS-8363-publish-parman-www branch on April 24, 2025 15:33