feat: comprehensive project structure improvements and Cloud for Sovereignty landing zone

- Add Cloud for Sovereignty landing zone architecture and deployment
- Implement complete legal document management system
- Reorganize documentation with improved navigation
- Add infrastructure improvements (Dockerfiles, K8s, monitoring)
- Add operational improvements (graceful shutdown, rate limiting, caching)
- Create comprehensive project structure documentation
- Add Azure deployment automation scripts
- Improve repository navigation and organization

infra/scripts/azure-validate-current-env.sh

@@ -0,0 +1,188 @@
+#!/bin/bash
+# Validate current .env file against Azure deployment requirements
+# Provides detailed analysis and recommendations
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
+ENV_FILE="$PROJECT_ROOT/.env"
+
+echo "╔══════════════════════════════════════════════════════════════╗"
+echo "║   .ENV FILE ANALYSIS FOR AZURE DEPLOYMENTS                  ║"
+echo "╚══════════════════════════════════════════════════════════════╝"
+echo ""
+
+if [ ! -f "$ENV_FILE" ]; then
+  echo "❌ .env file not found at: $ENV_FILE"
+  exit 1
+fi
+
+echo "📄 Analyzing: $ENV_FILE"
+echo ""
+
+# Load environment
+set -a
+source "$ENV_FILE"
+set +a
+
+# Check required variables
+echo "✅ REQUIRED VARIABLES:"
+echo ""
+
+# Subscription ID
+if [ -n "$AZURE_SUBSCRIPTION_ID" ] || [ -n "$ARM_SUBSCRIPTION_ID" ]; then
+  SUB_ID="${AZURE_SUBSCRIPTION_ID:-$ARM_SUBSCRIPTION_ID}"
+  echo "  ✓ Subscription ID: ${SUB_ID:0:8}...${SUB_ID: -4}"
+  if [[ ! "$SUB_ID" =~ ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ ]]; then
+    echo "    ⚠️  Warning: Format may be invalid (should be UUID)"
+  fi
+else
+  echo "  ❌ Subscription ID: MISSING"
+fi
+
+# Tenant ID
+if [ -n "$AZURE_TENANT_ID" ] || [ -n "$ARM_TENANT_ID" ]; then
+  TENANT_ID="${AZURE_TENANT_ID:-$ARM_TENANT_ID}"
+  echo "  ✓ Tenant ID: ${TENANT_ID:0:8}...${TENANT_ID: -4}"
+  if [[ ! "$TENANT_ID" =~ ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ ]]; then
+    echo "    ⚠️  Warning: Format may be invalid (should be UUID)"
+  fi
+else
+  echo "  ❌ Tenant ID: MISSING"
+fi
+
+# Location
+if [ -n "$AZURE_LOCATION" ] || [ -n "$ARM_LOCATION" ]; then
+  LOCATION="${AZURE_LOCATION:-$ARM_LOCATION}"
+  echo "  ✓ Location: $LOCATION"
+  if [[ "$LOCATION" =~ ^us ]]; then
+    echo "    ❌ ERROR: US regions are not allowed!"
+  fi
+else
+  echo "  ⚠️  Location: NOT SET (will default to westeurope)"
+fi
+
+echo ""
+echo "📋 OPTIONAL BUT RECOMMENDED:"
+echo ""
+
+# Management Group
+if [ -n "$AZURE_MANAGEMENT_GROUP_ID" ]; then
+  echo "  ✓ Management Group: $AZURE_MANAGEMENT_GROUP_ID"
+else
+  echo "  ○ Management Group: Not set"
+fi
+
+# Resource Group
+if [ -n "$AZURE_RESOURCE_GROUP" ] || [ -n "$TF_VAR_resource_group_name" ]; then
+  RG="${AZURE_RESOURCE_GROUP:-$TF_VAR_resource_group_name}"
+  echo "  ✓ Resource Group: $RG"
+else
+  echo "  ⚠️  Resource Group: Not set (will use default naming convention)"
+fi
+
+# Environment
+if [ -n "$TF_VAR_environment" ]; then
+  echo "  ✓ Environment: $TF_VAR_environment"
+else
+  echo "  ⚠️  Environment: Not set (will default to 'dev')"
+fi
+
+# Storage Account
+if [ -n "$TF_VAR_storage_account_name" ] || [ -n "$AZURE_STORAGE_ACCOUNT" ]; then
+  SA="${TF_VAR_storage_account_name:-$AZURE_STORAGE_ACCOUNT}"
+  echo "  ✓ Storage Account: $SA"
+else
+  echo "  ⚠️  Storage Account: Not set (will use default naming)"
+fi
+
+# Key Vault
+if [ -n "$TF_VAR_key_vault_name" ] || [ -n "$AZURE_KEY_VAULT_NAME" ]; then
+  KV="${TF_VAR_key_vault_name:-$AZURE_KEY_VAULT_NAME}"
+  echo "  ✓ Key Vault: $KV"
+else
+  echo "  ⚠️  Key Vault: Not set (will use default naming)"
+fi
+
+echo ""
+echo "🔧 TERRAFORM VARIABLE MAPPING:"
+echo ""
+
+# Check if variables need to be mapped
+NEEDS_MAPPING=false
+
+if [ -n "$AZURE_SUBSCRIPTION_ID" ] && [ -z "$ARM_SUBSCRIPTION_ID" ]; then
+  echo "  ⚠️  AZURE_SUBSCRIPTION_ID found, but Terraform expects ARM_SUBSCRIPTION_ID"
+  echo "     Recommendation: Add ARM_SUBSCRIPTION_ID=\"$AZURE_SUBSCRIPTION_ID\""
+  NEEDS_MAPPING=true
+fi
+
+if [ -n "$AZURE_TENANT_ID" ] && [ -z "$ARM_TENANT_ID" ]; then
+  echo "  ⚠️  AZURE_TENANT_ID found, but Terraform expects ARM_TENANT_ID"
+  echo "     Recommendation: Add ARM_TENANT_ID=\"$AZURE_TENANT_ID\""
+  NEEDS_MAPPING=true
+fi
+
+if [ -n "$AZURE_LOCATION" ] && [ -z "$ARM_LOCATION" ]; then
+  echo "  ⚠️  AZURE_LOCATION found, but Terraform expects ARM_LOCATION"
+  echo "     Recommendation: Add ARM_LOCATION=\"$AZURE_LOCATION\""
+  NEEDS_MAPPING=true
+fi
+
+if [ "$NEEDS_MAPPING" = false ]; then
+  echo "  ✓ All variables properly mapped for Terraform"
+fi
+
+echo ""
+echo "📊 SUMMARY:"
+echo ""
+
+# Count issues
+ISSUES=0
+WARNINGS=0
+
+if [ -z "$AZURE_SUBSCRIPTION_ID" ] && [ -z "$ARM_SUBSCRIPTION_ID" ]; then
+  ISSUES=$((ISSUES + 1))
+fi
+
+if [ -z "$AZURE_TENANT_ID" ] && [ -z "$ARM_TENANT_ID" ]; then
+  ISSUES=$((ISSUES + 1))
+fi
+
+if [ -z "$AZURE_LOCATION" ] && [ -z "$ARM_LOCATION" ]; then
+  WARNINGS=$((WARNINGS + 1))
+fi
+
+if [ "$ISSUES" -eq 0 ] && [ "$WARNINGS" -eq 0 ]; then
+  echo "  ✅ .env file is properly configured for Azure deployments"
+elif [ "$ISSUES" -eq 0 ]; then
+  echo "  ⚠️  .env file is mostly configured ($WARNINGS warning(s))"
+else
+  echo "  ❌ .env file has $ISSUES critical issue(s) and $WARNINGS warning(s)"
+fi
+
+echo ""
+echo "💡 RECOMMENDATIONS:"
+echo ""
+
+if [ "$NEEDS_MAPPING" = true ]; then
+  echo "  1. Add ARM_* variables for Terraform compatibility"
+  echo "     (Our scripts will auto-map, but explicit is better)"
+fi
+
+if [ -z "$TF_VAR_environment" ]; then
+  echo "  2. Add TF_VAR_environment=\"dev\" (or stage/prod)"
+fi
+
+if [ -z "$TF_VAR_resource_group_name" ] && [ -z "$AZURE_RESOURCE_GROUP" ]; then
+  echo "  3. Consider setting TF_VAR_resource_group_name for custom naming"
+fi
+
+echo ""
+echo "✅ Analysis complete!"
+echo ""
+echo "To use with Azure deployments:"
+echo "  source infra/scripts/azure-validate-env.sh"
+echo "  ./infra/scripts/azure-complete-setup.sh"
+