terraform-azurerm-lz-vending

feat: consider creating a storage account for tfstate

Open kewalaka opened this issue 10 months ago • 0 comments

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

App workloads that want to use Terraform will need somewhere to put their state.

Having this created by the vending machine would encourage isolation of these into app workloads, reducing the blast radius should the storage account be compromised.

Is your feature request related to an issue?

This is a new feature suggestion.

Describe the solution you'd like

Create a storage account & container, secured using RBAC, as an optional component for the vending machine.

Currently we do this by a separate module outside of lz_vending, as part of the sub vending process.

You could consider having a central "platform" location for tfstate files, however I consider this to be an unwise approach due to the sensitivity of the state file - better to have these created per workload.

Additional context

kewalaka Apr 24 '24 20:04
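
A sketch of the per-workload state store the request describes, added here as an illustration; it is not code from the issue or from the lz-vending module. The variable names are hypothetical, and it assumes azurerm 3.x attribute names with `storage_use_azuread = true` set in the provider block.

```hcl
# Added illustration; variable names are hypothetical, not lz-vending inputs.
# Assumes azurerm 3.x attribute names and provider { storage_use_azuread = true }.
variable "workload_name" { type = string } # assumed short, lowercase alphanumeric
variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "deployer_principal_id" { type = string } # identity that runs Terraform for this workload

resource "azurerm_storage_account" "tfstate" {
  name                            = "st${var.workload_name}tfstate"
  resource_group_name             = var.resource_group_name
  location                        = var.location
  account_tier                    = "Standard"
  account_replication_type        = "ZRS"
  min_tls_version                 = "TLS1_2"
  shared_access_key_enabled       = false # no account keys or SAS; Entra ID auth only
  default_to_oauth_authentication = true
  allow_nested_items_to_be_public = false

  blob_properties {
    versioning_enabled = true # recover an overwritten or corrupted state file
  }
}

resource "azurerm_storage_container" "tfstate" {
  name                  = "tfstate"
  storage_account_name  = azurerm_storage_account.tfstate.name
  container_access_type = "private"
}

# Data-plane access scoped to the one container, for the one workload identity.
resource "azurerm_role_assignment" "tfstate_writer" {
  scope                = azurerm_storage_container.tfstate.resource_manager_id
  role_definition_name = "Storage Blob Data Contributor"
  principal_id         = var.deployer_principal_id
}
```

With account keys disabled, the workload's `azurerm` backend block needs `use_azuread_auth = true` to reach the container.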