Conversation

@vittoriasalim
Contributor

nap-complex test scenarios: enable udr+firewall+route table with subnet association


Copilot AI left a comment

Pull request overview

This PR adds User-Defined Routing (UDR), Azure Firewall, and route table configurations to the NAP complex test scenario, enabling advanced networking scenarios for AKS cluster testing with custom egress control.

Key Changes:

  • Adds Azure Firewall configuration with application and network rules for AKS egress traffic
  • Configures route tables with custom routes for traffic routing through the firewall
  • Updates AKS cluster to use userDefinedRouting for outbound traffic
  • Adjusts subnet addressing to accommodate both AKS nodes and Azure Firewall

Critical Issues Identified:
The PR adds configurations for firewalls and route_tables fields that are not currently supported in the Azure Terraform module schema (modules/terraform/azure/variables.tf). This will cause the configurations to be ignored or result in validation errors. These features require corresponding module implementation before they can be used.

role = "crud"
vnet_name = "nap-vnet-ms"
vnet_address_space = "10.192.0.0/10"
subnet = [
Contributor Author

@vittoriasalim vittoriasalim Nov 26, 2025

The vnet_address_space and nap-subnet-ms share the same address range, which sometimes triggers a “subnet overlaps” error, as seen here:

Virtual Network Name: "nap-vnet-ms"): performing CreateOrUpdate: 
unexpected status 400 (400 Bad Request) with error: SubnetIpAddressesRangeOverlap: 
Subnet /subscriptions/..../nap-subnet-ms is not valid because its IP address range overlaps 
with that of an existing subnet in virtual network /..../nap-vnet-ms.

Proposing the following adjustment, as seen in the changes of this PR:
VNet: 10.192.0.0/10
├─ nap-subnet-ms: 10.192.0.0/16
└─ AzureFirewallSubnet: 10.193.0.0/26
/10 → 10.192.0.0 – 10.255.255.255
/16 → 10.192.0.0 – 10.192.255.255
/26 → 10.193.0.0 – 10.193.0.63
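The containment and non-overlap rules behind the SubnetIpAddressesRangeOverlap error can be checked offline before `terraform apply`. This is an added example, not code from the PR or the repository; it uses only Python's standard `ipaddress` module, and the pre-PR AzureFirewallSubnet address it uses is constructed (the thread does not show it).

```python
"""Offline check of a VNet/subnet layout against the rules Azure enforces
when it returns SubnetIpAddressesRangeOverlap."""
from ipaddress import ip_network
from itertools import combinations

# Layout proposed in the PR (values taken from the comment above).
PROPOSED_VNET = "10.192.0.0/10"
PROPOSED_SUBNETS = {
    "nap-subnet-ms": "10.192.0.0/16",
    "AzureFirewallSubnet": "10.193.0.0/26",
}
# Pre-PR layout: the subnet reused the whole VNet range. The firewall
# subnet address here is constructed; the thread does not show it.
OVERLAPPING_SUBNETS = {
    "nap-subnet-ms": "10.192.0.0/10",
    "AzureFirewallSubnet": "10.193.0.0/26",
}


def address_range(cidr: str) -> str:
    """Render a CIDR as 'first - last', like the /10, /16, /26 lines above."""
    net = ip_network(cidr, strict=True)  # strict: reject host bits set
    return f"{net.network_address} - {net.broadcast_address}"


def validate_layout(vnet_cidr: str, subnets: dict) -> list:
    """Return a list of problems; an empty list means the layout is valid.
    Checks: every subnet lies inside the VNet, no two subnets overlap
    (Azure rejects the second one with 400), and AzureFirewallSubnet is
    at least a /26, the minimum size Azure Firewall requires."""
    vnet = ip_network(vnet_cidr, strict=True)
    nets = {n: ip_network(c, strict=True) for n, c in subnets.items()}
    problems = []
    for name, net in nets.items():
        if not net.subnet_of(vnet):
            problems.append(f"{name} {net} is outside VNet {vnet}")
        if name == "AzureFirewallSubnet" and net.prefixlen > 26:
            problems.append(f"{name} {net} is smaller than the required /26")
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{a} {na} overlaps {b} {nb}")
    return problems


if __name__ == "__main__":
    for cidr in (PROPOSED_VNET, *PROPOSED_SUBNETS.values()):
        print(f"{cidr:>16} -> {address_range(cidr)}")
    print("proposed:", validate_layout(PROPOSED_VNET, PROPOSED_SUBNETS) or "OK")
    print("pre-PR:  ", validate_layout(PROPOSED_VNET, OVERLAPPING_SUBNETS))
```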
