Basic VNET integration and security improvements #27
ajackfox wants to merge 3 commits into Azure:main from

What's the advantage of using a VNet? Feels potentially unnecessary?

Most Azure customers use VNETs. Not all will need this requirement, but many will.

Actually, this is great. Many customers need things deployed in a completely private manner or in a manner that has access to other resources within the vnet. We can use this as a basis for adding a "private" flag or similar that will allow deployment of the solution into a vnet with private endpoints for the ancillary services. The default can still be public, but having a private option is great.

Having public and private options available would be awesome

Agreed. I would be happy to merge this if there was a "private" option in the deploy.sh file that users could toggle between.

It looks like this may be, in part, superseded by the lockdown work and documentation here: https://github.com/Azure/reddog-containerapps/blob/main/EGRESS-LOCKDOWN.md. Is it worth reviewing whether this PR is still needed? @lynn-orrell

This PR creates the Container Apps Environment in a /23 CIDR 10.x VNET, locks down the storage account so only that VNET can access it, and ensures the storage account and SQL server enforce using TLS 1.2 only.
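
One way to check a compiled ARM template for the three properties the description names, as an added example that is not code from this PR or the repository. The resource lists are constructed samples and the `audit` helper is hypothetical; it assumes the template's `resources` array has already been loaded from JSON.

```python
import ipaddress

TEN_SLASH_8 = ipaddress.ip_network("10.0.0.0/8")

def audit(resources):
    """Return (resource name, finding) pairs for settings weaker than the PR describes."""
    findings = []
    for res in resources:
        kind, name, props = res["type"], res["name"], res.get("properties", {})
        if kind == "Microsoft.Network/virtualNetworks":
            for prefix in props.get("addressSpace", {}).get("addressPrefixes", []):
                net = ipaddress.ip_network(prefix)
                # The description calls for a /23 in 10.x; accept /23 or larger.
                if not net.subnet_of(TEN_SLASH_8) or net.prefixlen > 23:
                    findings.append((name, f"address space {prefix} is not a 10.x /23"))
        elif kind == "Microsoft.Storage/storageAccounts":
            acls = props.get("networkAcls", {})
            if acls.get("defaultAction") != "Deny":
                findings.append((name, "storage default network action is not Deny"))
            if not acls.get("virtualNetworkRules"):
                findings.append((name, "storage has no virtual network rule"))
            if props.get("minimumTlsVersion") != "TLS1_2":
                findings.append((name, "storage minimumTlsVersion is not TLS1_2"))
        elif kind == "Microsoft.Sql/servers":
            if props.get("minimalTlsVersion") != "1.2":
                findings.append((name, "SQL minimalTlsVersion is not 1.2"))
    return findings

# Constructed sample: the locked-down shape the description outlines.
HARDENED = [
    {"type": "Microsoft.Network/virtualNetworks", "name": "vnet",
     "properties": {"addressSpace": {"addressPrefixes": ["10.0.0.0/23"]}}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "storage",
     "properties": {"minimumTlsVersion": "TLS1_2",
                    "networkAcls": {"defaultAction": "Deny",
                                    "virtualNetworkRules": [{"id": "<subnet-resource-id>"}]}}},
    {"type": "Microsoft.Sql/servers", "name": "sql",
     "properties": {"minimalTlsVersion": "1.2"}},
]

# Constructed sample: a public deployment with no VNet rule or TLS floor.
PUBLIC = [
    {"type": "Microsoft.Storage/storageAccounts", "name": "storage",
     "properties": {"networkAcls": {"defaultAction": "Allow"}}},
    {"type": "Microsoft.Sql/servers", "name": "sql",
     "properties": {"minimalTlsVersion": "1.0"}},
]

if __name__ == "__main__":
    for name, finding in audit(PUBLIC):
        print(f"{name}: {finding}")
```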