Automatically download data onto review VM

[tanya-borisova]

In order to simplify the task of the Airlock Manager to review incoming requests, it would be great if the data that they need to review would be pre-populated on the review VM that they are going to use.

To achieve this, we can accept a SAS URL for downloading request data as a template parameter for exportreview and importreview user resource templates, and have a cloudinit script that on startup downloads the data using the URL passed in.

[anatbal]

After investigating, came around with these steps:

1. Create a new user resource template, airlock request id (aka container name) should be passed as a parameter.
2. Give the VM's managed identity a Storage Blob Data Reader role assignment on the container.
3. Add a firewall role under network rule collection (can be added inside the one that is created for guacamole/in a similar way) that allows the review vm subnet access the service tag AzureResourceManageron port 443
4. Implement a cloud-init script with these two commands:

 az login --identity --allow-no-subscriptions
 az storage blob download-batch --account-name <import_storage_account> --source <container_name> --destination <target_folder> --auth-mode login

[tanya-borisova]

Updated the description to describe the option we have settled on.