Allow enablement of Trusted Launch and vTPM for VMs #4235
Description
As a TRE Administrator/TRE Developer
I want to be able to enable Trusted Launch and vTPM for Virtual Machines
So that I can benefit from the additional security that these features provide.
For Guacamole VMs, these options should be set on a per image basis, rather than for all images, since some images may not support these settings.
For other VMs within the TRE, these should be enabled where the image supports it.
Acceptance criteria
- Ability to set `secure_boot_enabled` on a per-image basis
- Ability to set `vtpm_enabled` on a per-image basis
- Ignore updates to these values for existing VMs, since changing this option in Terraform is currently a destructive action. (This may change in future; see this azurerm provider issue.)
[Screenshot: Trusted Launch & vTPM in Azure Portal]
Suggested solution for Guacamole VMs
It would be desirable if configuration could be done via deploy-time variables in order to reduce forked code changes; however, given that most users are running custom VMs and this requires editing `porter.yaml` anyway, the configuration values could be set there, e.g.
```yaml
image_options:
  "Windows 10":
    # Marketplace Gen2 image (the "-g2" SKU); Trusted Launch needs a Gen2 image
    source_image_reference:
      publisher: MicrosoftWindowsDesktop
      offer: Windows-10
      sku: win10-22h2-pro-g2
      version: latest
    conda_config: false
    secure_boot_enabled: true
    vtpm_enabled: true
  "Windows 3.1.1 For Workgroups (Custom image)":
    # Custom image that does not support these settings, so both stay off
    source_image_name: win-3-1-1-workgroups
    conda_config: false
    secure_boot_enabled: false
    vtpm_enabled: false
```
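To show how the per-image catalogue above would be consumed on the Terraform side, here is an added illustrative example; it is not AzureTRE's own code and not part of the original issue. The two flags are read from the selected image entry rather than from a global toggle, and the `lifecycle` block implements the acceptance criterion that existing VMs ignore later changes to them. The variable names (`image`, `image_options`, `image_resource_group_name` and the plain VM inputs), the use of the `azurerm_image` data source to resolve a `source_image_name` entry, and the Terraform >= 1.3 `optional()` defaults are assumptions made for this example.

```hcl
# Added example, not AzureTRE project code. Assumes Terraform >= 1.3 for
# optional() attribute defaults and the azurerm provider.
terraform {
  required_version = ">= 1.3"
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}

variable "image" {
  description = "Display name of the image_options entry chosen at deploy time (assumed input)"
  type        = string
}

# Mirrors the porter.yaml image_options catalogue: each entry carries either a
# marketplace reference or a custom image name plus its own Trusted Launch flags.
variable "image_options" {
  type = map(object({
    source_image_reference = optional(object({
      publisher = string
      offer     = string
      sku       = string
      version   = string
    }))
    source_image_name = optional(string)
    conda_config      = optional(bool, false)
    # Default false so an entry that omits the flags keeps today's behaviour.
    secure_boot_enabled = optional(bool, false)
    vtpm_enabled        = optional(bool, false)
  }))
}

# Plain VM inputs; names are assumptions for the example.
variable "vm_name" {
  type = string
}
variable "resource_group_name" {
  type = string
}
variable "location" {
  type = string
}
variable "vm_size" {
  type = string
}
variable "admin_username" {
  type = string
}
variable "admin_password" {
  type      = string
  sensitive = true
}
variable "network_interface_id" {
  type = string
}
variable "image_resource_group_name" {
  description = "Resource group holding custom managed images (assumed input)"
  type        = string
  default     = null
}

locals {
  selected_image    = var.image_options[var.image]
  uses_custom_image = local.selected_image.source_image_name != null
}

# Resolve a custom image by name only when the selected entry names one.
data "azurerm_image" "custom" {
  count               = local.uses_custom_image ? 1 : 0
  name                = local.selected_image.source_image_name
  resource_group_name = var.image_resource_group_name
}

resource "azurerm_windows_virtual_machine" "vm" {
  name                  = var.vm_name
  resource_group_name   = var.resource_group_name
  location              = var.location
  size                  = var.vm_size
  admin_username        = var.admin_username
  admin_password        = var.admin_password
  network_interface_ids = [var.network_interface_id]

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  # Exactly one of source_image_id / source_image_reference is set, driven by
  # which key the selected catalogue entry carries.
  source_image_id = local.uses_custom_image ? data.azurerm_image.custom[0].id : null

  dynamic "source_image_reference" {
    for_each = local.selected_image.source_image_reference == null ? [] : [local.selected_image.source_image_reference]
    content {
      publisher = source_image_reference.value.publisher
      offer     = source_image_reference.value.offer
      sku       = source_image_reference.value.sku
      version   = source_image_reference.value.version
    }
  }

  # Trusted Launch flags come from the selected image entry, not a global toggle.
  secure_boot_enabled = local.selected_image.secure_boot_enabled
  vtpm_enabled        = local.selected_image.vtpm_enabled

  # azurerm treats a change to either flag as ForceNew, so without this a later
  # edit to the catalogue would plan a destroy/recreate of every VM built from it.
  lifecycle {
    ignore_changes = [secure_boot_enabled, vtpm_enabled]
  }
}
```

Two consequences of the `ignore_changes` block are worth knowing before adopting it: a VM created before the flags were set to `true` for its image will silently stay without Trusted Launch, and `terraform plan` will not surface that drift, so enabling the feature on an existing VM is a deliberate rebuild rather than an apply. The `false`/`false` custom-image entry in the catalogue above is the right default for any image that was not built with Trusted Launch support; setting the flags to `true` for such an image fails at deployment rather than at plan time, which is the reason the issue asks for per-image rather than global settings.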