cnspec
cnspec integrate azure - ignore non-enabled subscriptions
Describe the bug
When deploying to a tenant with a disabled subscription we run into an error:

Proposed fix
We still collect all subs with the azurerm data source, but filter it and use that going forward.
# Enumerate every subscription the caller can see in the tenant,
# regardless of its state (Enabled, Disabled, Warned, PastDue, ...).
data "azurerm_subscriptions" "available" {}

# Filter only active subscriptions
locals {
  active_subscriptions = [
    for sub in data.azurerm_subscriptions.available.subscriptions :
    sub if sub.state == "Enabled"
  ]
}

# One Reader role assignment per enabled subscription; disabled
# subscriptions are never used as a scope, so the deployment no longer fails on them.
resource "azurerm_role_assignment" "reader" {
  count                = length(local.active_subscriptions)
  principal_id         = azuread_service_principal.mondoo.object_id
  role_definition_name = "Reader"
  scope                = local.active_subscriptions[count.index].id
}
Another thing that might be worth discussing: Should the allow/deny list affect where we deploy the role assignment? Currently the allow or deny list is only used for the mondoo integration itself.
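The following is an added example, not code from the issue or from the cnspec/Mondoo module, of what it could look like if the allow/deny list also scoped the role assignments. It assumes two hypothetical input variables, subscription_allow_list and subscription_deny_list (lists of subscription GUIDs), and keys the assignments by subscription ID with for_each rather than count, so that a subscription changing state does not shift the indexes of the remaining assignments. The unreachable_allow_list output is a check that surfaces allow-listed subscriptions that are missing or not Enabled, which would otherwise be silently skipped.

```hcl
# Added example: state filter plus optional allow/deny list applied to the
# role assignments. Variable names are assumptions for illustration only.

variable "subscription_allow_list" {
  description = "Subscription IDs to include; an empty list means all enabled subscriptions"
  type        = list(string)
  default     = []
}

variable "subscription_deny_list" {
  description = "Subscription IDs to exclude even if enabled"
  type        = list(string)
  default     = []
}

data "azurerm_subscriptions" "available" {}

locals {
  # Step 1: drop anything that is not Enabled (Disabled, Warned, PastDue, Deleted).
  enabled_subscriptions = {
    for sub in data.azurerm_subscriptions.available.subscriptions :
    sub.subscription_id => sub if sub.state == "Enabled"
  }

  # Step 2: apply the allow list (if non-empty) and the deny list.
  scoped_subscriptions = {
    for id, sub in local.enabled_subscriptions :
    id => sub
    if (
      (length(var.subscription_allow_list) == 0 || contains(var.subscription_allow_list, id))
      && !contains(var.subscription_deny_list, id)
    )
  }

  # Check: allow-listed IDs that are not enabled (or not visible) would be
  # skipped silently above, so report them explicitly.
  unreachable_allow_list = [
    for id in var.subscription_allow_list : id
    if !contains(keys(local.enabled_subscriptions), id)
  ]
}

# Keyed by subscription GUID so adding or disabling one subscription
# does not re-create the assignments of the others.
resource "azurerm_role_assignment" "reader" {
  for_each             = local.scoped_subscriptions
  principal_id         = azuread_service_principal.mondoo.object_id
  role_definition_name = "Reader"
  scope                = each.value.id
}

output "scoped_subscription_ids" {
  description = "Subscriptions that received the Reader role assignment"
  value       = keys(local.scoped_subscriptions)
}

output "unreachable_allow_list" {
  description = "Allow-listed subscription IDs that are not enabled or not visible to the caller"
  value       = local.unreachable_allow_list
}
```

With this layout the same scoped_subscriptions map can feed both the role assignments and the integration's own subscription list, so the two never disagree about which subscriptions are in scope.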