
Add Policy for configuring private dns zones on any private endpoint Improved - with compliance working 100% #529

Merged: neiichango merged 3 commits into Azure:main from mitramcc:main on May 20, 2026

Conversation

@mitramcc
Contributor

@mitramcc mitramcc commented Mar 31, 2026

The built-in policies we have, besides being one policy for each service, have compliance that doesn't work as expected.
If we delete the record from the portal, the compliance doesn't change; therefore you might end up with non-compliant resources marked as compliant.
This policy solves that problem and the different number of DNS records for the same resource type, e.g. Open AI and AI Foundry.

The logic of the policy is to take the customDnsRecords and from there choose which private DNS zone name to use.
There are some resources that don't follow this logic, e.g. Key Vault uses the private DNS zone privatelink.vaultcore.azure.net but the CustomDNSRecord is xxxxx.vault.azure.net.
In this case we have to add mappings in the template part, as I did for AKV.
Lowercase values for the key of the object to be added, followed by an array with 2 items: first the forward part that we are going to replace, then the value that we will replace it with:
Example
```json
"mappings": {
  "microsoft.keyvault/vaults/vault": [
    ".vault.",
    ".vaultcore."
  ]
}
```

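The zone-derivation logic the PR description sketches (take the private endpoint's custom DNS record, turn its domain into a privatelink zone name, then apply a per-resource-type mapping such as the Key Vault `.vault.` to `.vaultcore.` rewrite) is easier to reason about as plain code. The block below is an added example written for this page; it is not the policy JSON from the PR nor code from the Azure repository. The shape of the private endpoint objects (`customDnsConfigs`, `linkedPrivateDnsZones`, `resourceType`, `groupId`), the sample FQDNs and the mapping-key format `<resourcetype>/<groupid>` are assumptions chosen to match the description, and the compliance check mirrors the stated goal: an endpoint is only compliant when every custom DNS record is covered by a linked zone.

```python
"""Worked example: derive the expected privatelink DNS zone for each custom DNS
record of a private endpoint and flag endpoints whose zone links are missing.
Example code for this page, not the PR's own policy definition."""
from typing import Dict, List

# Mappings in the shape the PR description shows (constructed sample).
# key   = lowercased "<resourceType>/<groupId>"
# value = [substring to replace, replacement]
MAPPINGS: Dict[str, List[str]] = {
    "microsoft.keyvault/vaults/vault": [".vault.", ".vaultcore."],
}


def expected_private_dns_zone(fqdn: str, resource_type: str, group_id: str,
                              mappings: Dict[str, List[str]] = MAPPINGS) -> str:
    """Return the privatelink zone that should host this custom DNS record.

    Assumed reading of the PR's logic:
      1. drop the first label (the resource's own name),
      2. prefix the remaining domain with "privatelink.",
      3. apply the resource-type mapping, if one is configured.
    """
    labels = fqdn.lower().rstrip(".").split(".")
    if len(labels) < 3:
        raise ValueError(f"unexpected custom DNS record FQDN: {fqdn!r}")
    zone = "privatelink." + ".".join(labels[1:])
    key = f"{resource_type.lower()}/{group_id.lower()}"
    if key in mappings:
        search, replacement = mappings[key]
        zone = zone.replace(search, replacement)
    return zone


def missing_zones(private_endpoint: dict,
                  mappings: Dict[str, List[str]] = MAPPINGS) -> List[str]:
    """List the privatelink zones that the endpoint's records require but that
    are not linked to it. Empty list means compliant."""
    linked = {z.lower() for z in private_endpoint.get("linkedPrivateDnsZones", [])}
    required = {
        expected_private_dns_zone(rec["fqdn"],
                                  private_endpoint["resourceType"],
                                  private_endpoint["groupId"],
                                  mappings)
        for rec in private_endpoint.get("customDnsConfigs", [])
    }
    return sorted(required - linked)


def is_compliant(private_endpoint: dict,
                 mappings: Dict[str, List[str]] = MAPPINGS) -> bool:
    """Compliance as the PR describes it: every record has its zone linked."""
    return not missing_zones(private_endpoint, mappings)


# Constructed sample endpoints (assumed object shape, not an Azure API payload).
KEYVAULT_ENDPOINT = {
    "name": "pe-kv",
    "resourceType": "Microsoft.KeyVault/vaults",
    "groupId": "vault",
    "customDnsConfigs": [
        {"fqdn": "contoso-kv.vault.azure.net", "ipAddresses": ["10.0.1.4"]},
    ],
    "linkedPrivateDnsZones": ["privatelink.vaultcore.azure.net"],
}

# An AI account exposes more than one record; only one zone is linked here,
# which the per-record check catches and a per-service policy would not.
AI_ENDPOINT_MISSING_ZONE = {
    "name": "pe-ai",
    "resourceType": "Microsoft.CognitiveServices/accounts",
    "groupId": "account",
    "customDnsConfigs": [
        {"fqdn": "contoso-ai.openai.azure.com", "ipAddresses": ["10.0.1.5"]},
        {"fqdn": "contoso-ai.services.ai.azure.com", "ipAddresses": ["10.0.1.5"]},
    ],
    "linkedPrivateDnsZones": ["privatelink.openai.azure.com"],
}


if __name__ == "__main__":
    for pe in (KEYVAULT_ENDPOINT, AI_ENDPOINT_MISSING_ZONE):
        print(pe["name"], "compliant" if is_compliant(pe) else "missing:", missing_zones(pe))
```

The per-record check is what makes deleting a zone link show up as non-compliant: the required set is recomputed from the endpoint's own records on every evaluation, so there is no stale per-service state to go out of date.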
@neiichango neiichango self-assigned this Apr 22, 2026
@neiichango
Collaborator

policy works fine on greenfield and brownfield tests

@Joshua-Donovan
Collaborator

quick syntax review and no issues found, with @neiichango already validating functionality I agree with a merge for this one.

@neiichango neiichango merged commit 33279a9 into Azure:main May 20, 2026
1 check passed