NGINXaaS: Add private subnet OIDC with Microsoft Entra ID guide

[kafeelhasan]

Proposed Changes

This PR adds documentation for configuring OIDC authentication with Microsoft Entra ID in private subnet NGINXaaS deployments, addressing networking challenges for external authentication endpoints.

Changes Made

• Azure NAT Gateway solution with NSG rules and Microsoft IP ranges
• Azure Firewall solution with DNS proxy and FQDN filtering
• Complete Azure CLI commands for NAT Gateway, Firewall, NSG, and route tables
• OIDC configuration for Microsoft Entra ID JWT keyfile endpoint
• DNS resolver setup for private subnet environments
• Network rules for TCP 443 access to login.microsoftonline.com

Benefits

• Enables OIDC authentication in private subnet deployments
• Provides two networking solutions with cost/security trade-offs
• Reduces implementation errors with production-ready CLI commands
• Meets enterprise security requirements for network isolation

Checklist

Before sharing this pull request, I completed the following checklist:

• I read the Contributing guidelines
• My branch adheres to the Git conventions
• My content changes adhere to the F5 NGINX Documentation style guide
• If my changes involve potentially sensitive information¹, I have assessed the possible impact
• I have waited to ensure my changes pass tests, and addressed any discovered issues

Footnotes

1. Potentially sensitive information includes personally identify information (PII), authentication credentials, and live URLs. Refer to the style guide for guidance about placeholder content. ↩