Add Centralized Log Analytics Workspace and add Security Center #438

Merged
merged 10 commits into from
Oct 8, 2021

@shawngib shawngib commented Oct 4, 2021

Description

For the purposes of understanding the security and compliance posture of a landing zone, the following changes will use Azure Security Center, Policy, and VM monitoring to gain insights and control.

Start of a Centralized LAWS

  • Add solutions (consolidated solutions removing separate sentinel module)
    • Security
    • Security Insights (Sentinel which is optional)
    • Activity log
    • VM Insights
    • Container Insights
    • Key Vault Insights
    • ServiceMap (dependency agent for network monitoring)
  • Add option to lock LAWS
  • Add diagnostic settings for LAWS to LAWS and operations Storage Account
  • Add policy assignments for DINE agents on VMs
    • Add extensions to VMs manually for initial deployment of jumpboxes
  • Add remediation for DINE agent policies - (Optional parameter to enable)
    • Required a role assignment for managed identity to contributor of RG
  • Add role assignments for IL5/CMMC/NIST policies
  • Add option to enable ASC - pricing 'standard' (defender)
    • Enable auto provision - redirect to ops LAWS
    • Option to add email contact to ASC
    • Enable notifications
    • Enable recommendations
  • Add azure private link for Azure Monitor for VM agents to communicate
    • Scopes for Azure Monitor
    • DNS entries for monitor
    • NSG entries for monitor

Issue reference

The issue this PR will close: #413

Checklist

Please make sure you've completed the relevant tasks for this PR out of the following list:

  • All acceptance criteria in the backlog item are met
  • The documentation is updated to cover any new or changed features
  • Manual tests have passed
  • Relevant issues are linked to this PR

@shawngib shawngib added bicep (Related to Bicep code) and compliance & security labels Oct 4, 2021
@glennmusa glennmusa self-assigned this Oct 6, 2021
@glennmusa glennmusa changed the title Shawngib/update laws add asc Add Centralized Log Analytics Workspace Oct 6, 2021

@glennmusa glennmusa left a comment

validating a deployment, but in the meantime some nits w/r/t style and conventions

src/bicep/modules/linuxVirtualMachine.bicep
src/bicep/modules/windowsVirtualMachine.bicep
src/bicep/modules/securityCenter.bicep
src/bicep/modules/logAnalyticsDiagnosticLogging.bicep
src/bicep/modules/hubNetwork.bicep


@glennmusa glennmusa left a comment

Deployed and configured successfully. 👍

If there are any steps not documented to clean up after a deployment that provisions Security Center, let's document that somewhere.

@shawngib shawngib changed the title Add Centralized Log Analytics Workspace Add Centralized Log Analytics Workspace and add ASC Oct 8, 2021
@shawngib shawngib changed the title Add Centralized Log Analytics Workspace and add ASC Add Centralized Log Analytics Workspace and add Security Center Oct 8, 2021
@shawngib shawngib merged commit a3a6022 into main Oct 8, 2021
@shawngib shawngib deleted the shawngib/update-LAWS-add-ASC branch October 8, 2021 19:22
Successfully merging this pull request may close these issues.

Enhance and extend current Log Analytics Workspace deployment