Issue with existing DNS zones

[jason-theodorakopoulos]

This template is designed with the assumption that private DNS zones reside within the same subscription as the deployment. As a result, it only prompts for the resource group name, under the expectation that the DNS zones are co-located with other resources.
However, in real-world enterprise environments—particularly those adhering to the Microsoft Cloud Adoption Framework (CAF)—DNS infrastructure is typically centralized and managed within a dedicated Identity or Connectivity subscription. This separation aligns with best practices for network and identity isolation, governance, and lifecycle management.
If DNS zones are provisioned in a different subscription - this template would fail.

@description('Map of DNS zone FQDNs to resource group names. If provided, reference existing DNS zones in this resource group instead of creating them.')

[timmoh]

see pullrequest #306