Azure / avdaccelerator

AVD Accelerator deployment automation to simplify the setup of AVD (Azure Virtual Desktop) based on best practices
MIT License

Azure Disk Encryption on Session Hosts and Management VM #568 #607

Closed chbragg closed 5 months ago

chbragg commented 5 months ago

Overview/Summary

ENHANCEMENT #568 This PR adds the capability to enable Azure Disk Encryption instead of Encryption At Host. Azure Disk Encryption gets deployed to all of the Session Hosts as well as the Management VM and the key is stored in the same key vault in the zeroTrust module. Azure Disk Encryption is needed in situations where Intune validates encryption status for "Compliant Devices". Encryption At Host is unable to report the encryption status to Intune, but Azure Disk Encryption will report the status to Intune because it uses BitLocker.

Also fixed a couple of typos.

This PR fixes/adds/changes/removes

  1. Adds the Key Vault Key Uri output to the Key Vault CARML module
  2. Adds 'encryptionAtHost' and 'azureDiskEncryption' variables to the bicep templates to deploy different types of encryption to the session hosts and management VM.
  3. Removed all "User Assigned Managed Identity" sections that were commented out because these are not used
  4. Separated the Encryption deployment from the diskZeroTrust variable. The diskZeroTrust variable will now only deploy the Azure Policies for the disk. The encryption is controlled using one of the two new variables (depending on which type of encryption you want to use).
  5. Updated documentation
  6. Updated Portal UI so that the new variables are displayed and you can only select one or the other, not both.

Breaking Changes

  1. If you use the diskZeroTrust variable to encrypt the disks, it will no longer do that. Instead, you will have to set 'encryptionAtHost' to true for that encryption to be enabled like it was before this PR. Alternatively, you can use the new 'azureDiskEncryption'.

Testing Evidence


As part of this Pull Request I have
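
The azureDiskEncryption path described above, sketched as an added Bicep illustration rather than the avdaccelerator project's own template; the key vault and VM names, the API versions, and the `keyVaultKeyUri` parameter (assumed to be fed from the Key Vault module's new Key Vault Key Uri output) are assumptions:

```bicep
// Added illustration of the azureDiskEncryption path described in the PR, not the
// avdaccelerator project's own template: names, API versions and keyVaultKeyUri
// (assumed to be fed from the key vault module's new Key Vault Key Uri output) are assumptions.
@description('Encryption at Host: hypervisor-side, no status reported to Intune.')
param encryptionAtHost bool = false
@description('Azure Disk Encryption: BitLocker in the guest, status visible to Intune.')
param azureDiskEncryption bool = false
@description('Existing key vault (the zeroTrust vault) that also holds the KEK.')
param keyVaultName string
@description('Key Vault Key Uri output of the key vault module.')
param keyVaultKeyUri string
param vmName string
param location string = resourceGroup().location

resource kv 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
  name: keyVaultName
}

resource vm 'Microsoft.Compute/virtualMachines@2023-09-01' existing = {
  name: vmName
}

// The two options are exclusive (the portal UI only lets you pick one); ADE is a
// guest extension, so it is deployed per session host / management VM only when
// azureDiskEncryption is selected. The vault must have enabledForDiskEncryption
// set to true, otherwise the extension fails to enable.
resource ade 'Microsoft.Compute/virtualMachines/extensions@2023-09-01' = if (azureDiskEncryption) {
  parent: vm
  name: 'AzureDiskEncryption'
  location: location
  properties: {
    publisher: 'Microsoft.Azure.Security'
    type: 'AzureDiskEncryption'
    typeHandlerVersion: '2.2'
    autoUpgradeMinorVersion: true
    settings: {
      EncryptionOperation: 'EnableEncryption'
      KeyVaultURL: kv.properties.vaultUri
      KeyVaultResourceId: kv.id
      KeyEncryptionKeyURL: keyVaultKeyUri
      KekVaultResourceId: kv.id
      KeyEncryptionAlgorithm: 'RSA-OAEP'
      VolumeType: 'All'
      ResizeOSDisk: false
    }
  }
}

// Surface which mode was applied so the deployment log shows what Intune will see.
output diskEncryptionMode string = azureDiskEncryption ? 'AzureDiskEncryption' : (encryptionAtHost ? 'EncryptionAtHost' : 'None')
```

Encryption at Host is set on the VM resource itself (`securityProfile.encryptionAtHost`), which is why the two flags must be kept exclusive by the caller rather than inside this extension.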

danycontre commented 5 months ago

@chbragg thanks for your contribution, merging on feature branch for testing.

@swathibhat1 @moisesjgomez @jamasten