docs: add Azure integration guide link to Bucket spec

Add integration guide link for Azure Blob Storage to maintain
consistency with AWS and GCP provider sections. Streamline Azure
authentication documentation by referencing the comprehensive
integration guide while preserving essential Bucket-specific
information and examples.

Signed-off-by: cappyzawa <[email protected]>

Author: cappyzawa

docs/spec/v1/buckets.md

@@ -301,21 +301,16 @@ metadata:
 
 #### Azure
 
-When a Bucket's `.spec.provider` is set to `azure`, the source-controller will
-attempt to communicate with the specified [Endpoint](#endpoint) using the
-[Azure Blob Storage SDK for Go](https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/storage/azblob).
-
-Without a [Secret reference](#secret-reference), authentication using a chain
-with:
+For detailed setup instructions, see: https://fluxcd.io/flux/integrations/azure/#for-azure-blob-storage
 
-- [Environment credentials](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#EnvironmentCredential)
-- [Workload Identity](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#WorkloadIdentityCredential)
-- [Managed Identity](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#ManagedIdentityCredential)
-  with the `AZURE_CLIENT_ID`
-- Managed Identity with a system-assigned identity
+When using a [Secret reference](#secret-reference), it expects a Secret with 
+authentication fields (see examples below). Without a Secret reference, 
+authorization using a credential chain with Environment, Workload Identity, 
+and Managed Identity is attempted by default. For Workload Identity 
+authentication, configure the source-controller as described in the integration guide.
 
-is attempted by default. If no chain can be established, the bucket
-is assumed to be publicly reachable.
+The source-controller uses the [Azure Blob Storage SDK for Go](https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/storage/azblob)
+to communicate with the specified [Endpoint](#endpoint).
 
 When a reference is specified, it expects a Secret with one of the following
 sets of `.data` fields:
@@ -466,86 +461,6 @@ data:
   accountKey: <BASE64>
 ```
 
-##### Workload Identity
-
-If you have [Workload Identity](https://azure.github.io/azure-workload-identity/docs/installation/managed-clusters.html)
-set up on your cluster, you need to create an Azure Identity and give it
-access to Azure Blob Storage.
-
-```shell
-export IDENTITY_NAME="blob-access"
-
-az role assignment create --role "Storage Blob Data Reader" \
---assignee-object-id "$(az identity show -n $IDENTITY_NAME  -o tsv --query principalId  -g $RESOURCE_GROUP)" \
---scope "/subscriptions/<SUBSCRIPTION-ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.Storage/storageAccounts/<account-name>/blobServices/default/containers/<container-name>"
-```
-
-Establish a federated identity between the Identity and the source-controller
-ServiceAccount.
-
-```shell
-export SERVICE_ACCOUNT_ISSUER="$(az aks show --resource-group <RESOURCE_GROUP> --name <CLUSTER-NAME> --query "oidcIssuerProfile.issuerUrl" -otsv)"
-
-az identity federated-credential create \
-  --name "kubernetes-federated-credential" \
-  --identity-name "${IDENTITY_NAME}" \
-  --resource-group "${RESOURCE_GROUP}" \
-  --issuer "${SERVICE_ACCOUNT_ISSUER}" \
-  --subject "system:serviceaccount:flux-system:source-controller"
-```
-
-Add a patch to label and annotate the source-controller Deployment and ServiceAccount
-correctly so that it can match an identity binding:
-
-```yaml
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - gotk-components.yaml
-  - gotk-sync.yaml
-patches:
-  - patch: |-
-      apiVersion: v1
-      kind: ServiceAccount
-      metadata:
-        name: source-controller
-        namespace: flux-system
-        annotations:
-          azure.workload.identity/client-id: <AZURE_CLIENT_ID>
-        labels:
-          azure.workload.identity/use: "true"
-  - patch: |-
-      apiVersion: apps/v1
-      kind: Deployment
-      metadata:
-        name: source-controller
-        namespace: flux-system
-        labels:
-          azure.workload.identity/use: "true"
-      spec:
-        template:
-          metadata:
-            labels:
-              azure.workload.identity/use: "true"
-```
-
-If you have set up Workload Identity correctly and labeled the source-controller
-Deployment and ServiceAccount, then you don't need to reference a Secret. For more information,
-please see [documentation](https://azure.github.io/azure-workload-identity/docs/quick-start.html).
-
-```yaml
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: Bucket
-metadata:
-  name: azure-bucket
-  namespace: flux-system
-spec:
-  interval: 5m0s
-  provider: azure
-  bucketName: testsas
-  endpoint: https://testfluxsas.blob.core.windows.net
-```
-
 ##### Deprecated: Managed Identity with AAD Pod Identity
 
 If you are using [aad pod identity](https://azure.github.io/aad-pod-identity/docs),