Support updating DNS permitted domains (and configuration)

[JimMadge]

✅ Checklist

• I have searched open and closed issues for duplicates.
• This is a request for a new feature in the Data Safe Haven or an upgrade to an existing feature.
• The feature is still missing in the latest version.
• I have read through the documentation.
• This isn't an open-ended question (open a discussion if it is).

🍓 Suggested change

Currently the DNS server configuration is templated and written to disk by cloud-init. This configuration includes domain filtering configuration, built from the list of permitted domains.

This will cause a problem if the permitted domains or configuration are updated. As the VM already exists it will not be recreated and the old configuration will not be updated.

This is unlike the NSG and firewall, where rule definitions will be updated.

🚂 How could this be done?

1. Move DNS configuration to a blob or file share, similar to how desired state configuration is provisioned
2. Add trigger to restart DNS service (or the whole VM?) when configuration is updated

[cptanalatriste]

@JimMadge How about re-deploying the DNS Server VM when the cloud-init configuration changes? We can use Pulumi's replace_on_changes