Is your feature request related to a problem? Please describe.
Currently running make auth deploys a single Service Principal and tracks the state locally for that SP. If you wish to deploy an SP per environment (for example, one for infra-test, one for app-dev and one for prod), you effectively need to either overwrite the state and change your config.yaml file temporarily with a new flowehr_id / suffix to give the SP a different name, or have three local clones of the FlowEHR repo, one per environment.
Also, this state isn't persisted anywhere, so will live locally on someone's laptop which isn't ideal for making modifications to the SP and associated role permissions.
Describe the solution you'd like
I think this code should be moved to Azure-Bootstrap. We could then use the config.yaml file in bootstrap to define the AD Apps per environment / project we wish to deploy and the associated permissions they need, as an optional auth block, i.e.:
auth:
  - flowehr-infratest:
      graph_permissions:
        - User.ReadWrite.All
        - etc.
  - flowehr-appdev:
      etc.
This would provide a flexible way of supporting multiple environments and could be re-used for other deployments as well. It will also benefit from the fact that we store state for bootstrap in a private repo.
Should an organisation wish to use existing SPs they have, they can just configure those in CI for FlowEHR without needing azure-bootstrap.