feat: add check block to warn about blob CSI driver subnet drift (fixes #424)

[lonegunmanb]

Summary

When storage_profile_blob_driver_enabled is true, the AKS Blob CSI driver may automatically add a Microsoft.Storage service endpoint to the subnet out-of-band when a blob NFS PersistentVolumeClaim is created. This causes Terraform state drift — subsequent terraform plan detects the out-of-band change and attempts to remove the service endpoint.

This PR adds a Terraform check block that warns users (without blocking operations) when their subnet does not have Microsoft.Storage declared in service_endpoints, so they can proactively add it to prevent drift.

Changes

• Added data.azurerm_subnet.blob_driver_check — conditional data source that only queries the subnet when storage_profile_enabled, storage_profile_blob_driver_enabled are both true and vnet_subnet is provided.
• Added check "blob_driver_subnet_service_endpoint" — produces a warning if the subnet lacks the Microsoft.Storage service endpoint.

Impact

• Non-breaking: The check block only produces warnings, never errors.
• No new variables: Uses existing storage_profile_enabled, storage_profile_blob_driver_enabled, and vnet_subnet variables.
• Version compatible: check blocks are supported since Terraform 1.5; the module already requires >= 1.9.
• Minimal API overhead: The data.azurerm_subnet lookup only runs when conditions are met.

Verification

• terraform validate: Passed
• Drift scenario manually reproduced and confirmed in a prior experiment (see issue comments)

Fixes #424

[lonegunmanb]

LGTM! Clean, non-breaking addition that proactively warns about known Azure Blob CSI driver behavior causing Terraform state drift. Implementation is solid: properly gated count condition, reuses existing vars/locals, check block only warns, good error message with actionable fix and issue reference. All CI checks passed including E2E tests. Ready for maintainer merge.

[jiaweitao001]

LGTM！