feat: DTOSS-8363 Publish Participant Manager www

[patrickmoore-nc]

Description

This change is required to publish web frontends for Participant, and also for Cohort Manager.

• Changes to SSL certificate references in APIM and Application Gateway, to facilitate migration from nationalscreening.nhs.uk to screening.nhs.uk DNS domain.
• Changes to support multiple public DNS zones.
• Major Application Gateway changes to separate config common to both Non-live and Live Hubs, from config specific to each (frontend Azure Web Apps presentations for each individual environment).
• Key Vault access policy to allow Azure App Service to retrieve certificates for Web Apps/Function Apps.
• Public DNS records are dynamically derived from the Application Gateway config - only from public HTTP Listeners, and the domain is determined from the hostname.
• Managed DevOps Pool updated to latest Terraform and azurerm provider, and updated azapi provider. Dev Center resources converted from azapi to azurerm resources. Increase non-live pool to 4 agents. Will require import of resources into Terraform state to avoid replacement of pools.

This change has proved complex, since the SSL certificates exist as entities within the App Service Plan which is a separate Terraform module from the Azure Web App module. The certificate being loaded on also originates in a different Terraform state and Azure subscription (the DTOS Hub). The custom domain binding requires a DNS challenge TXT record to be created - also in the Hub subscription, but this must be done across subscriptions within a child module. Furthermore, the certificates module and the Application Gateway module have required significant changes in order to support a gradual migration from nationalscreening.nhs.uk to screening.nhs.uk.

Linked to:

• fix: DTOSS-8428 letsencrypt certificate module supports multiple DNS domains dtos-devops-templates#142
• feat: DTOSS-8363 Web App custom domain support dtos-participant-manager#152

Testing

• Successfully deployed to Non-live Hub:
  https://dev.azure.com/nhse-dtos/dtos-hub/_build/results?buildId=17591&view=results

Type of changes

• Refactoring (non-breaking change)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would change existing functionality)
• Bug fix (non-breaking change which fixes an issue)

Checklist

• I am familiar with the contributing guidelines
• I have followed the code style of the project
• I have added tests to cover my changes
• I have updated the documentation accordingly
• This PR is a result of pair or mob programming

---

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.

• I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.