Add Azure Key Vault Certificates and Keys health check packages

[Formatted]

What this PR does / why we need it:

Adds two new health check packages following the modern split-package pattern established by HealthChecks.Azure.KeyVault.Secrets:

• HealthChecks.Azure.KeyVault.Certificates — uses an injected CertificateClient to call GetCertificateAsync(). A 404 response is treated as Healthy (vault is reachable, certificate simply absent).
• HealthChecks.Azure.KeyVault.Keys — uses an injected KeyClient to call GetKeyAsync(). Same 404 handling.

Both packages accept the client directly from DI (rather than a Uri + TokenCredential as in the older HealthChecks.AzureKeyVault package), matching the pattern of the Secrets package and enabling reuse of the configured client instance.

This unblocks [microsoft/aspire#15966](microsoft/aspire#15966), which needs these packages to implement health checks for CertificateClient and KeyClient registrations in Aspire.

Which issue(s) this PR fixes:

N/A — new packages, no existing issue.

Special notes for your reviewer:

The existing HealthChecks.AzureKeyVault package already supports certificates and keys, but uses the old Uri + TokenCredential constructor pattern and bundles all three resource types into one check. This PR follows the newer per-resource, DI-client pattern introduced with HealthChecks.Azure.KeyVault.Secrets.

Does this PR introduce a user-facing change?:

Yes — two new NuGet packages with new AddAzureKeyVaultCertificates and AddAzureKeyVaultKeys extension methods on IHealthChecksBuilder.

---

• Code compiles correctly
• Created/updated tests
• Unit tests passing (net8.0/net9.0 runtimes not available locally; build verified clean)
• End-to-end tests passing
• Extended the documentation
• Provided sample for the feature

[Formatted]

@dotnet-policy-service agree