Clarify Custom Role Definition for AzureDevopsInfrastructure Principal

[afscrome]

The docs are incomplete on permissions needed in a custom role, as well as being ambigious as to whether the Reader role is needed in addition to the custom role or not

Solve the ambiguity by including the Microsoft.Network/virtualNetworks/*/read action in the custom role definition, and making clear that is an alternative to the two built in roles

Added a missing permission required to delete a managed devops pool Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/delete action required to delete a managed devops pool