Azure / avdaccelerator

AVD Accelerator deployment automation to simplify the setup of AVD (Azure Virtual Desktop) based on best practices
MIT License

AVD agents, NTFS setup, storage permissions, password escape characters, FSLogix settings #506

Closed danycontre closed 10 months ago

danycontre commented 10 months ago

Overview/Summary


This PR fixes/adds/changes/removes

  1. Removes from the storage accounts (FSLogix and MSIX) the use of default share-level permissions for all authenticated users and groups. The new model increases user profile container security, since users will now only have access to their own folders. This was accomplished by assigning SMB RBAC permissions for AAD scenarios and properly setting NTFS permissions for ADDS scenarios. Revamped the session host configuration with a single custom script extension script (Set-SessionHostConfiguration.ps1) that applies all necessary settings on the session hosts (VDI optimization tool, FSLogix registry keys, AAD join registry keys, TZ redirection, auto update disabling, GPU settings, NTFS settings, Defender exclusions).
  2. Introduces new special character escaping in the storage join DSC package to properly handle domain join passwords.
  3. Portal UI updated to include a field for the security principal name when entering values, instead of using a group dropdown.
  4. Azure Files hybrid module updated from 2.4 to 2.8.
  5. FSLogix settings to avoid creation of sessions with local/temp profiles.
  6. AVD agent installation and configuration were revamped to always pull the latest version of the agents.
  7. New variables: varFslogixStorageFqdn, varMsixStorageFqdn

Breaking Changes

  1. Parameter updates: avdApplicationGroupIdentitiesIds (array) replaced with securityPrincipalId (string); avdIdentityDomainName replaced with identityDomainName
  2. Parameters removed: applicationGroupIdentityType (code defaults to group type)
  3. FSLogix settings were updated to block user sessions that use local/temp profiles; the following registry keys are being pushed: HKLM:\SOFTWARE\FSLogix\Profiles\PreventLoginWithFailure, HKLM:\SOFTWARE\FSLogix\Profiles\PreventLoginWithTempProfile
  4. Parameters deprecated: CreateNewOU


Thank you @jamasten for providing a great code baseline, and @JamJarchitect and @moisesjgomez for your help.
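The FSLogix "fail closed" behaviour from breaking change 3, as an added example that is not the accelerator's own Set-SessionHostConfiguration.ps1: it applies the two registry values and then audits a session host for drift, so a defender can verify that a logon with an unavailable profile container is blocked rather than silently falling back to a local/temp profile. The function names are assumptions for this example.

```powershell
# Added example (not the accelerator's code): push the two FSLogix values the PR
# describes and report drift. Run elevated on a session host.
$FsLogixProfilesKey = 'HKLM:\SOFTWARE\FSLogix\Profiles'

# 1 = block the logon instead of creating a local/temp profile when the
# container cannot be attached (default 0 allows the fallback).
$Desired = @{
    PreventLoginWithFailure     = 1
    PreventLoginWithTempProfile = 1
}

function Set-FsLogixFailClosed {
    if (-not (Test-Path $FsLogixProfilesKey)) {
        New-Item -Path $FsLogixProfilesKey -Force | Out-Null
    }
    foreach ($name in $Desired.Keys) {
        # -Force makes this idempotent: existing values are overwritten in place.
        New-ItemProperty -Path $FsLogixProfilesKey -Name $name -Value $Desired[$name] `
            -PropertyType DWord -Force | Out-Null
    }
}

function Test-FsLogixFailClosed {
    # Returns a list of drift findings; an empty list means the host is compliant.
    $findings = @()
    foreach ($name in $Desired.Keys) {
        $current = (Get-ItemProperty -Path $FsLogixProfilesKey -Name $name `
            -ErrorAction SilentlyContinue).$name
        if ($null -eq $current) {
            $findings += "$name is not set (FSLogix default allows a local/temp profile fallback)"
        } elseif ($current -ne $Desired[$name]) {
            $findings += "$name is $current, expected $($Desired[$name])"
        }
    }
    return ,$findings
}

Set-FsLogixFailClosed
$drift = Test-FsLogixFailClosed
if ($drift.Count -eq 0) { 'FSLogix fail-closed settings verified' } else { $drift }
```

Test-FsLogixFailClosed can be run on its own from a compliance job to catch hosts where a later GPO or image change reverted these values.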

danycontre commented 10 months ago

@swathibhat1 please help us out socializing with the community, the more people we get testing the better :).

@jcoyne-msft some of the items we had pending were addressed with this PR (AVD agents, NTFS permissions, file share default share-level permissions)