Add Legal Office seal and complete Azure CDN deployment

- Add Legal Office of the Master seal (SVG design with Maltese Cross, scales of justice, legal scroll)
- Create legal-office-manifest-template.json for Legal Office credentials
- Update SEAL_MAPPING.md and DESIGN_GUIDE.md with Legal Office seal documentation
- Complete Azure CDN infrastructure deployment:
  - Resource group, storage account, and container created
  - 17 PNG seal files uploaded to Azure Blob Storage
  - All manifest templates updated with Azure URLs
  - Configuration files generated (azure-cdn-config.env)
- Add comprehensive Azure CDN setup scripts and documentation
- Fix manifest URL generation to prevent double slashes
- Verify all seals accessible via HTTPS

scripts/deploy/configure-multi-manifest.sh

@@ -0,0 +1,101 @@
+#!/bin/bash
+# Configure Multi-Manifest Support for Entra VerifiedID
+# Helps set up multiple credential manifests
+
+set -euo pipefail
+
+GREEN='\033[0;32m'
+BLUE='\033[0;34m'
+YELLOW='\033[1;33m'
+NC='\033[0m'
+
+log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
+log_success() { echo -e "${GREEN}[SUCCESS]${NC} $1"; }
+log_warning() { echo -e "${YELLOW}[WARNING]${NC} $1"; }
+
+cd "$(dirname "$0")/../.."
+
+log_info "Configuring Multi-Manifest Support for Entra VerifiedID..."
+
+echo "Enter manifest IDs (press Enter to skip optional ones):"
+echo ""
+
+read -p "Default Manifest ID (required): " DEFAULT_MANIFEST
+if [ -z "${DEFAULT_MANIFEST}" ]; then
+    log_warning "Default manifest ID is required"
+    exit 1
+fi
+
+read -p "Diplomatic Manifest ID (optional): " DIPLOMATIC_MANIFEST
+read -p "Judicial Manifest ID (optional): " JUDICIAL_MANIFEST
+read -p "Financial Manifest ID (optional): " FINANCIAL_MANIFEST
+
+# Build JSON object
+MANIFESTS_JSON="{"
+MANIFESTS_JSON+="\"default\":\"${DEFAULT_MANIFEST}\""
+
+if [ -n "${DIPLOMATIC_MANIFEST}" ]; then
+    MANIFESTS_JSON+=",\"diplomatic\":\"${DIPLOMATIC_MANIFEST}\""
+fi
+
+if [ -n "${JUDICIAL_MANIFEST}" ]; then
+    MANIFESTS_JSON+=",\"judicial\":\"${JUDICIAL_MANIFEST}\""
+fi
+
+if [ -n "${FINANCIAL_MANIFEST}" ]; then
+    MANIFESTS_JSON+=",\"financial\":\"${FINANCIAL_MANIFEST}\""
+fi
+
+MANIFESTS_JSON+="}"
+
+log_info "Generated manifest configuration:"
+echo "${MANIFESTS_JSON}" | jq '.'
+
+# Update .env file if it exists
+if [ -f ".env" ]; then
+    read -p "Update .env file? (y/n): " UPDATE_ENV
+    if [ "${UPDATE_ENV}" = "y" ]; then
+        # Remove old ENTRA_MANIFESTS if exists
+        sed -i '/^ENTRA_MANIFESTS=/d' .env
+        # Add new one
+        echo "ENTRA_MANIFESTS='${MANIFESTS_JSON}'" >> .env
+        log_success "Updated .env file"
+    fi
+fi
+
+# For Kubernetes
+read -p "Generate Kubernetes secret update? (y/n): " GEN_K8S
+if [ "${GEN_K8S}" = "y" ]; then
+    K8S_SECRET="infra/k8s/entra-manifests-secret.yaml"
+    cat > "${K8S_SECRET}" << EOF
+apiVersion: v1
+kind: Secret
+metadata:
+  name: entra-manifests
+  namespace: the-order-prod
+type: Opaque
+stringData:
+  ENTRA_MANIFESTS: '${MANIFESTS_JSON}'
+EOF
+    log_success "Kubernetes secret created: ${K8S_SECRET}"
+fi
+
+# For Key Vault
+read -p "Store in Azure Key Vault? (y/n): " STORE_KV
+if [ "${STORE_KV}" = "y" ]; then
+    read -p "Key Vault name: " KV_NAME
+    if [ -n "${KV_NAME}" ]; then
+        az keyvault secret set \
+            --vault-name "${KV_NAME}" \
+            --name "entra-manifests" \
+            --value "${MANIFESTS_JSON}" \
+            --output none
+        log_success "Stored in Key Vault: ${KV_NAME}"
+    fi
+fi
+
+log_success "Multi-manifest configuration complete!"
+log_info "To use in code:"
+echo "  const manifests = JSON.parse(process.env.ENTRA_MANIFESTS);"
+echo "  await client.issueCredential({ claims: {...}, manifestName: 'diplomatic' });"
+