Bug: RequestDisallowedByPolicy is not Retryable

[daftping]

Describe the bug

When Resources like ResourceGroupPolicyExemption and StorageAccount are applied simultaneously, StorageAccount gets stuck in RequestDisallowedByPolicy and never recovers.

status:
  conditions:
    - lastTransitionTime: '2025-12-09T20:16:43Z'
      message: >-
        Resource '<name>' was disallowed by policy. Policy identifiers:
        '[{"policyAssignment":{"name":"Storage accounts should disable public
        network
        access","id":"/providers/Microsoft.Management/managementGroups/<id>/providers/Microsoft.Authorization/policyAssignments/<id>"},"policyDefinition":{"name":"Storage
        accounts should disable public network
        access","id":"/providers/Microsoft.Authorization/policyDefinitions/<id>","version":"1.0.1"}}]'.
      observedGeneration: 1
      reason: RequestDisallowedByPolicy
      severity: Error
      status: 'False'
      type: Ready

Azure Service Operator Version: v2.16.0

Expected behavior

StorageAccount is eventually reconciled.

To Reproduce

1. Create a Resource block by Azure Policy
2. Exampt Resource from the Policy

[theunrepentantgeek]

I agree this is a bug; should be relatively straightforward to fix. I'll tag it for the v2.18 release but will leave the needs-triage label on it to ensure we review this once everyone is back from leave over Christmas/New Years.