Add Azure Key Vault resource to backend setup

Introduces an azurerm_key_vault resource named 'dbatoolsci' with RBAC authorization enabled, soft delete retention, and purge protection settings. Also adds data source for current Azure client config.

Author: potatoqualitee

gh-runners/tests/backend-setup/main.tf

@@ -31,3 +31,17 @@ resource "azurerm_storage_container" "tfstate" {
   storage_account_name  = azurerm_storage_account.tfstate.name
   container_access_type = "private"
 }
+
+data "azurerm_client_config" "current" {}
+
+resource "azurerm_key_vault" "vmss" {
+  name                       = "dbatoolsci"
+  resource_group_name        = azurerm_resource_group.tfstate.name
+  location                   = azurerm_resource_group.tfstate.location
+  tenant_id                  = data.azurerm_client_config.current.tenant_id
+  sku_name                   = "standard"
+  soft_delete_retention_days = 7
+  purge_protection_enabled   = false
+
+  enable_rbac_authorization = true
+}