
ci: refactor deployment of infrastructure and add PR validation #346

Merged
merged 46 commits into from
Jan 17, 2024

Conversation

arealmaas
Collaborator

@arealmaas arealmaas commented Jan 15, 2024

Issue: #325

What's done:

  • Using .bicepparam instead of the JSON parameters file: No default values are set for most of the parameters now, so they will be empty if environment variables are not set
  • Split the deployment script: Split the deployBicep.ps1 into several actions that produce values sent as either pure parameters or secrets to the bicep file. Also using the arm-deploy GitHub action instead of command-line az. See Deploy.yml
  • Flattened object parameters: Flattened the keyvault and secrets parameters for easier visibility and validation
  • Triggers a dry-run from pull requests: The Deploy.yml action takes an optional parameter dry-run to

Potential future tasks & discussions:

  • Output the result of the what-if to the pull request as a comment: The way to get this working seems to be using --pretty-print and parsing the value. Haven't found any solution that can do this in a smooth way for us. 🤔 Maybe this can inspire us: https://dev.to/omiossec/arm-template-deployment-the-what-if-option-for-your-azure-deployments-17f7
  • Consider using --rollback-on-error: When deploying using arm-deploy, we could supply the --rollback-on-error flag if we find it necessary
  • Potentially use kv.getSecret in bicepparam: Instead of using environment variables we might consider fetching the secrets for the environment in the bicepparam files (or whether that just pollutes the bicepparam file..) https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/key-vault-parameter?tabs=azure-cli#use-getsecret-function
  • Use version instead of git_sha: To follow IaC principles more closely we could put the version of the deployed image in the source code (through a new action that commits the resolved version number, maybe), or we could split the deployment of container apps and the rest of the infrastructure
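The pattern the description refers to (a .bicepparam file fed from CI environment variables, with secrets as flat, individually validated parameters), shown as an added example that is not part of this PR or repository; both file contents sit in one fence, and every parameter and variable name is a hypothetical assumption:

```bicep
// ---- main.bicepparam (hypothetical) ----
using './main.bicep'

// Non-secret values come from CI environment variables. No default is committed
// for environment-specific values, so a missing variable yields an empty value
// that fails the validation decorators below at what-if time instead of
// silently deploying to the wrong environment.
param environment = readEnvironmentVariable('ENVIRONMENT')
param location = readEnvironmentVariable('LOCATION', 'norwayeast')
param imageTag = readEnvironmentVariable('GIT_SHA')

// Flattened secrets, one per parameter, fed from the pipeline's secret store.
// The values never appear in this file or in the repository.
param dbAdminPassword = readEnvironmentVariable('DB_ADMIN_PASSWORD')
param apiSigningKey = readEnvironmentVariable('API_SIGNING_KEY')

// ---- main.bicep (hypothetical) ----
// Validation lives on the parameters themselves, which is what flattening
// the former nested keyvault/secrets object buys: each value can be checked.
targetScope = 'subscription'

@allowed(['test', 'staging', 'prod'])
param environment string

param location string

@minLength(7)
param imageTag string

// @secure() keeps the value out of deployment history and what-if output.
@secure()
@minLength(16)
param dbAdminPassword string

@secure()
param apiSigningKey string
```

Running the what-if dry-run against this file with an unset DB_ADMIN_PASSWORD fails on the @minLength check, which is the early signal the PR-triggered dry-run is meant to give.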

oskogstad
oskogstad previously approved these changes Jan 17, 2024

Quality Gate failed

Failed conditions

1 Security Hotspot

See analysis details on SonarCloud

@arealmaas arealmaas merged commit 79e71a6 into main Jan 17, 2024
1 check failed
@arealmaas arealmaas deleted the ci/validate-azure-deployment branch January 17, 2024 14:29