Add Legal Office seal and complete Azure CDN deployment

- Add Legal Office of the Master seal (SVG design with Maltese Cross, scales of justice, legal scroll)
- Create legal-office-manifest-template.json for Legal Office credentials
- Update SEAL_MAPPING.md and DESIGN_GUIDE.md with Legal Office seal documentation
- Complete Azure CDN infrastructure deployment:
  - Resource group, storage account, and container created
  - 17 PNG seal files uploaded to Azure Blob Storage
  - All manifest templates updated with Azure URLs
  - Configuration files generated (azure-cdn-config.env)
- Add comprehensive Azure CDN setup scripts and documentation
- Fix manifest URL generation to prevent double slashes
- Verify all seals accessible via HTTPS

docs/deployment/AZURE_CDN_QUICK_START.md

@@ -0,0 +1,141 @@
+# Azure CDN Quick Start Guide
+
+## Prerequisites Check
+
+Before running setup, verify:
+
+```bash
+# 1. Azure CLI installed
+az --version
+
+# 2. Logged in to Azure
+az account show
+
+# 3. Check quotas
+./infra/scripts/azure-check-cdn-quotas.sh
+```
+
+## One-Command Setup
+
+```bash
+./scripts/deploy/setup-azure-cdn-complete.sh
+```
+
+This automates everything:
+1. ✅ Quota verification
+2. ✅ Resource group creation
+3. ✅ Storage account creation
+4. ✅ Container creation
+5. ✅ CDN profile creation
+6. ✅ CDN endpoint creation
+7. ✅ PNG file upload
+8. ✅ Manifest URL updates
+
+## Manual Setup (Step-by-Step)
+
+### Step 1: Check Quotas
+```bash
+./infra/scripts/azure-check-cdn-quotas.sh
+```
+
+**Required Quotas:**
+- Storage Accounts: 1 available
+- CDN Profiles: 1 available
+- Resource Groups: 1 available
+
+### Step 2: Create Infrastructure
+```bash
+./infra/scripts/azure-cdn-setup.sh
+```
+
+**Creates:**
+- Resource Group: `the-order-cdn-rg`
+- Storage Account: `theordercdn<timestamp>`
+- Container: `images` (public blob access)
+- CDN Profile: `theorder-cdn-profile`
+- CDN Endpoint: `theorder-cdn-endpoint`
+
+**Output:** `azure-cdn-config.env`
+
+### Step 3: Upload Files
+```bash
+./scripts/deploy/upload-seals-to-azure.sh
+```
+
+### Step 4: Update URLs
+```bash
+source azure-cdn-config.env
+CDN_BASE_URL="${CDN_BASE_URL_CDN}" ./scripts/deploy/update-manifest-seal-urls.sh
+```
+
+## Configuration
+
+After setup, configuration is saved in `azure-cdn-config.env`:
+
+```bash
+source azure-cdn-config.env
+echo $CDN_BASE_URL
+```
+
+## URLs
+
+### Blob Storage (Immediate)
+```
+https://<storage-account>.blob.core.windows.net/images/
+```
+
+### CDN (After 10-15 min)
+```
+https://<cdn-endpoint>.azureedge.net/images/
+```
+
+## Verification
+
+```bash
+# Test file access
+curl -I https://<storage-account>.blob.core.windows.net/images/digital-bank-seal.png
+
+# Check storage account
+az storage account show --name <storage-account> --resource-group the-order-cdn-rg
+
+# Check CDN endpoint
+az cdn endpoint show \
+  --name theorder-cdn-endpoint \
+  --profile-name theorder-cdn-profile \
+  --resource-group the-order-cdn-rg
+```
+
+## Troubleshooting
+
+### Quota Exceeded
+- Request increase: https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade
+- Or use existing storage account
+
+### Setup Fails
+- Check Azure CLI login: `az account show`
+- Verify permissions: Contributor role required
+- Check quotas: `./infra/scripts/azure-check-cdn-quotas.sh`
+
+### Files Not Accessible
+- Verify container has public blob access
+- Check CORS configuration
+- Wait for CDN propagation (10-15 minutes)
+
+## Cost
+
+Approximate monthly cost:
+- **Storage**: ~$0.0001/month (3.4MB)
+- **CDN**: First 5GB free, then ~$0.04/GB
+- **Total**: ~$0-5/month
+
+## Next Steps
+
+1. ✅ Verify files accessible
+2. ✅ Test credential issuance
+3. ✅ Monitor CDN usage
+4. ✅ Set up custom domain (optional)
+
+---
+
+**Quick Start**: `./scripts/deploy/setup-azure-cdn-complete.sh`
+