feat: Prepare Application Gateway for APIM change to External mode for Front Door migration

[patrickmoore-nc]

Description

• Linked to: feat: Prepare Application Gateway for APIM change to External mode for Front Door migration dtos-hub#111

This change prepares Application Gateway to front APIM in External VNET integration mode. For this we need a 're-write rule set', so we can add an identifying header which will allow APIM policy to restrict access to a specific Application Gateway and Front Door, while we migrate entirely over to Front Door.

This change will allow the existing nationalscreening.nhs.uk API URLs to continue to be presented from Application Gateway, while new equivalent URLs in the screening.nhs.uk domain can be presented via Azure Front Door - which requires the APIM to be in External VNET integration mode.

Once all API consumers have updated to use the screening.nhs.uk domain, Application Gateway can be decommissioned together with the Let's Encrypt SSL certificates and the old DNS domain - a considerable solution complexity saving which had not been technically possible until recently.

Testing

Successfully deployed to Non-Live Hub:

• https://dev.azure.com/nhse-dtos/dtos-hub/_build/results?buildId=29381&view=results

Successful plan for Live Hub (will create the rewrite rule, but unbound):

• https://dev.azure.com/nhse-dtos/dtos-hub/_build/results?buildId=29391&view=results

Test presentation of a developer SKU External mode VNET-integrated APIM instance, via IaC ready for eventual APIM mode migration:

• https://migration-test.non-live.nationalscreening.nhs.uk/

Type of changes

• Refactoring (non-breaking change)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would change existing functionality)
• Bug fix (non-breaking change which fixes an issue)

Checklist

• I am familiar with the contributing guidelines
• I have followed the code style of the project
• I have added tests to cover my changes
• I have updated the documentation accordingly
• This PR is a result of pair or mob programming

---

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.

• I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.