Add storage account queue support

[nomankhans21]

Context

CYPD want to use Storage Account queues but the module only supported blob storage. This adds queue support with its own private endpoint, DNS zone wiring and outputs so consuming services can start using queues privately.

Changes proposed in this pull request

Four files touched in aks/storage_account:

• variables.tf: new queues variable, defaults to empty so existing deployments are unaffected
• data.tf: data source for the privatelink.queue.core.windows.net DNS zone, gated on use_private_storage
• resources.tf: azurerm_storage_queue resource and a second private endpoint for the queue sub-resource, follows the same pattern as the existing blob endpoint
• outputs.tf: storage_private_queue_fqdn and queues outputs

Guidance to review

• Everything mirrors the existing blob private endpoint pattern. Worth checking:
• DNS zone data source points to the queue zone
• Private endpoint uses subresource queue not blob
• storage_account_id used (not the deprecated storage_account_name)

Before merging

• Confirm the teacher-services-cloud DNS zone PR is merged and applied.

After merging

Checklist

• I have performed a self-review of my code, including formatting and typos
• I have cleaned the commit history
• I have added the Devops label
• I have attached the pull request to the trello card

[RMcVelia]

This will always create a storage queue if private storage is enabled.
Possibly something like var_use_private_storage true and variable queues is not []
This would have to be added to data and output vars too.

[nomankhans21]

Good point. I've updated the count condition across resources.tf, data.tf and outputs.tf so the queue private endpoint is only created when use_private_storage is true and var.queues is not empty.

[RMcVelia]

I think we also need to output the primary_queue_endpoint similar to the primary_blob_endpoint

[nomankhans21]

I have added primary_queue_endpoint output to mirror as suggested