Update Enable MSFT tenant access workbook

[yves-chan]

Summary

Extends the Enable MSFT tenant access workbook to support cross-tenant query access configuration for Azure Monitor workspaces in Fairfax (FF) and Mooncake (MC) clouds, in addition to the existing AME support.

Multi-cloud tenant selection

• Added a Target Tenant(s) dropdown (selectedTenant) that auto-detects the workspace cloud from the Prometheus query endpoint and presents the appropriate tenants:
  AME workspaces → CORP
  FF / MC workspaces → AME and/or Torus
• Replaced the hardcoded MSFT tenant id (72f988bf-...) with parameterized {selectedTenant} / {policyTenant} values
• Added a Tenant dropdown to the access policy form (policyTenant) for selecting which tenant the principal belongs to

Parameterized API version

• Added a hidden apiVersion parameter that resolves based on workspace cloud:
  AME → 2025-05-01-preview
  FF / MC → 2025-05-03-preview
• Replaced all hardcoded api-version values (including the old 2023-04-01) with {apiVersion}

UX improvements

• Renamed from MSFT tenant access to cross-tenant query access to reflect broader scope
• Removed conditional visibility that hid the allow button when MSFT tenant was already added (no longer applicable with multi-tenant support)
• Updated descriptions and confirmation dialogs to reference selected tenants instead of hardcoded values
• Added crossComponentResources at the parameter group level

Screenshots

Validation

• Validate your changes using one or more of the testing methods.

Checklist

• If you are adding a new template, gallery, or folder, add your team and folder/file(s) to the CODEOWNERS file at the root of the repo. (N/A — existing template)
• Ensure all steps in your template have meaningful names.
• Ensure all parameters and grid columns have display names set so they can be localized.