Add Data Protection services

[DrizzlyOwl]

The purpose of this Pull Request is to add aspnet Data Protection services to the webapp. This will ensure that user sessions are secured and persistent across multiple 'instances' of the web app. This is particularly important in Azure where the app is running in containers.

As you will see in the logic of the patch, this is not testable on a local machine due to requiring access to a linux file path and Azure Key Vault Key.

Mounting a network-attached File Share to all the containers that run the app, then storing the session key ring key.xml on the shared file path, will ensure all instances of the app can use the same key for encrypting/decrypting user sessions.

NB. Changes to DfE.FindInformationAcademiesTrusts.csproj were done by dotnet CLI when adding the new packages. The diff shows spacing on otherwise untouched lines. I would suggest this is a discrepancy between what the CLI does and what Visual Studio does.

Changes

• Registers Data Protection services to the app
• Allows operators to deploy a File Share using Terraform
• Allows operators to deploy a Key Vault and associated cryptographic Key used to further encrypt the aspnet key ring on the File Share.

Checklist

• Pull request attached to the appropriate user story in Azure DevOps
• ADR decision log updated (if needed)
• Release notes added to CHANGELOG.md
• Testing complete - all manual and automated tests pass

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud