chore: review Bicep templates for correctness and parameter alignment

[Sealjay]

Context

The deploy workflow was passing parameters (azureOpenAiEndpoint, azureOpenAiChatDeployment, azureOpenAiEmbeddingDeployment, azureOpenAiDalleDeployment) that the Bicep template no longer accepts. This was fixed by removing them from the workflow, but suggests the Bicep templates and workflow have drifted.

Tasks

• Audit infra/main.bicep and all modules for correctness — ensure all parameters are used and valid
• Verify AI Foundry / Azure OpenAI resources are provisioned correctly via Bicep (models, endpoints)
• Check if databasePassword, budgetAmount, budgetContactEmails, budgetStartDate defaults are sensible
• Ensure Bicep outputs match what the deploy workflow expects (e.g., AZURE_MANAGED_IDENTITY_PRINCIPAL_ID, AZURE_CONTAINER_REGISTRY_NAME, AZURE_KEY_VAULT_NAME, etc.)
• Review if the what-if preview step is useful or adds unnecessary delay
• Validate the managed identity role assignment step is idempotent and necessary
• Check parameter files in infra/parameters/ match current template

Why

Parameter drift between Bicep templates and CI/CD workflows causes deploy failures. A full audit ensures the infrastructure-as-code is accurate and deployable.