
Add custom Azure Policy and scripts for Arc-enabled SQL Server license type configuration#1475

Merged
anosov1960 merged 1 commit into microsoft:master from claestom:sql-arc-lt-policy
Apr 3, 2026

Conversation

claestom (Contributor) commented Apr 2, 2026

Summary

Adds a custom Azure Policy (DeployIfNotExists) with deployment and remediation scripts to enforce a target LicenseType on Arc-enabled SQL Server extensions at scale.

What's included

Path                           Description
policy/azurepolicy.json        Custom policy definition supporting both Windows and Linux Arc SQL extensions, configurable target license type, and selective overwrite of existing values.
scripts/deployment.ps1         Creates/updates the policy definition and assignment at management group or subscription scope. Automatically assigns required RBAC roles to the policy managed identity.
scripts/start-remediation.ps1  Starts a remediation task for the assignment with optional -GrantMissingPermissions to fix missing roles before execution.
docs/screenshots/              Visual references showing pre-policy, remediation, and post-policy state.
README.md                      Full usage guide with parameter reference, scenario examples, and troubleshooting.

Key capabilities

  • Platform flexibility: target Windows, Linux, or both Arc SQL extensions with a single policy definition.
  • Selective overwrite: choose which existing LicenseType values (Unspecified, Paid, PAYG, LicenseOnly) are eligible for update.
  • Automated RBAC: deployment script assigns Azure Extension for SQL Server Deployment, Reader, and Resource Policy Contributor roles to the policy managed identity automatically.
  • Safe remediation: remediation script validates the assignment exists and checks for missing roles before creating the remediation task.

Example usage

# Deploy: enforce PAYG on both platforms, only where current LicenseType is Paid
.\scripts\deployment.ps1 -ManagementGroupId "<mg-id>" -SubscriptionId "<sub-id>" -TargetLicenseType "PAYG" -LicenseTypesToOverwrite @("Paid")

# Remediate: trigger remediation with automatic role check
.\scripts\start-remediation.ps1 -ManagementGroupId "<mg-id>" -SubscriptionId "<sub-id>" -TargetLicenseType "PAYG" -GrantMissingPermissions
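A pre-flight check for the workflow described above, added here as an example; it is not part of the PR and does not use its scripts. A DeployIfNotExists assignment at management group scope hands the policy's managed identity write access (the "Azure Extension for SQL Server Deployment" role plus Reader and Resource Policy Contributor) across every subscription underneath, so before starting remediation it is worth listing exactly which Arc SQL extensions the selective-overwrite parameters would touch, and confirming the identity actually holds the roles the deployment script is supposed to grant. The script below does both: one Resource Graph query enumerates the Windows/Linux Arc SQL extensions and their current LicenseType (a missing value is reported as Unspecified, matching the PR's wording), then applies the same eligibility rule the policy parameters express (platform, LicenseTypesToOverwrite, TargetLicenseType), and optionally compares the identity's role assignments against the three roles named in the PR. Parameter names mirror the PR's scripts but are this example's own; it assumes the Az.Accounts, Az.ResourceGraph and Az.Resources modules are installed and Connect-AzAccount has been run, and that the caller looks up the assignment's principal (object) ID themselves.

```powershell
# Added example (not from the PR or its scripts). Preview what a LicenseType
# policy assignment would change and check the policy identity's roles.
# Assumes: Az.Accounts, Az.ResourceGraph, Az.Resources; Connect-AzAccount done.
param(
    [Parameter(Mandatory)] [string] $ManagementGroupId,
    [ValidateSet('Paid', 'PAYG', 'LicenseOnly')] [string] $TargetLicenseType = 'PAYG',
    # Existing values eligible for overwrite, as in the PR: Unspecified, Paid, PAYG, LicenseOnly
    [string[]] $LicenseTypesToOverwrite = @('Paid'),
    [ValidateSet('Windows', 'Linux', 'Both')] [string] $Platform = 'Both',
    # Object (principal) ID of the policy assignment's system-assigned identity (optional)
    [string] $PolicyIdentityPrincipalId
)

# Extension types the assignment would target, per the chosen platform.
$extensionTypes = switch ($Platform) {
    'Windows' { @('WindowsAgent.SqlServer') }
    'Linux'   { @('LinuxAgent.SqlServer') }
    default   { @('WindowsAgent.SqlServer', 'LinuxAgent.SqlServer') }
}

# One Resource Graph query for the whole management group instead of per-machine calls.
$query = @"
resources
| where type =~ 'microsoft.hybridcompute/machines/extensions'
| where properties.type in~ ('WindowsAgent.SqlServer', 'LinuxAgent.SqlServer')
| project id,
          subscriptionId,
          machine = tostring(split(id, '/')[8]),
          extensionType = tostring(properties.type),
          licenseType = tostring(properties.settings.LicenseType),
          provisioningState = tostring(properties.provisioningState)
"@

# -First caps a single page at 1000 rows; larger estates need -SkipToken paging.
$extensions = Search-AzGraph -Query $query -ManagementGroup $ManagementGroupId -First 1000

$report = foreach ($ext in $extensions) {
    # No LicenseType in settings is what the PR calls 'Unspecified'.
    $current = if ([string]::IsNullOrEmpty($ext.licenseType)) { 'Unspecified' } else { $ext.licenseType }

    # Same rule the policy parameters express: right platform, current value is
    # in the overwrite list, and it is not already the target.
    $eligible = ($extensionTypes -contains $ext.extensionType) -and
                ($LicenseTypesToOverwrite -contains $current) -and
                ($current -ne $TargetLicenseType)

    [pscustomobject]@{
        Machine            = $ext.machine
        SubscriptionId     = $ext.subscriptionId
        ExtensionType      = $ext.extensionType
        CurrentLicenseType = $current
        WouldBecome        = if ($eligible) { $TargetLicenseType } else { $current }
        Action             = if ($eligible) { 'REMEDIATE' } else { 'skip' }
        ProvisioningState  = $ext.provisioningState
    }
}

$report | Sort-Object Action, Machine | Format-Table -AutoSize

$toChange = @($report | Where-Object Action -eq 'REMEDIATE')
Write-Host ("{0} of {1} Arc SQL extensions would be set to {2}" -f $toChange.Count, @($report).Count, $TargetLicenseType)

if ($PolicyIdentityPrincipalId) {
    # Roles the PR's deployment script grants; Get-AzRoleAssignment with -Scope also
    # returns assignments inherited from parent scopes.
    $requiredRoles = @('Azure Extension for SQL Server Deployment', 'Reader', 'Resource Policy Contributor')
    $scope   = "/providers/Microsoft.Management/managementGroups/$ManagementGroupId"
    $granted = Get-AzRoleAssignment -ObjectId $PolicyIdentityPrincipalId -Scope $scope |
               Select-Object -ExpandProperty RoleDefinitionName -Unique
    $missing = $requiredRoles | Where-Object { $granted -notcontains $_ }
    if ($missing) {
        Write-Warning ("Policy identity is missing: {0}. Remediation deployments will fail until these are granted." -f ($missing -join ', '))
    } else {
        Write-Host "Policy identity holds all required roles at $scope"
    }
}
```

Run it with the same -TargetLicenseType and -LicenseTypesToOverwrite you intend to pass to deployment.ps1; the REMEDIATE rows are the blast radius of the remediation task, and a non-empty "missing" list is the case the PR's -GrantMissingPermissions switch exists for. Keeping the overwrite list narrow (for example only Paid, as in the PR's usage example) is what prevents the policy from silently flipping machines that were deliberately set to LicenseOnly.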

Commit message

Add new DeployIfNotExists policy, deployment and remediation scripts,
and documentation screenshots for enforcing LicenseType on Arc-enabled
SQL Server extensions.

New files:
- policy/azurepolicy.json: custom policy definition
- scripts/deployment.ps1: policy definition and assignment creation
- scripts/start-remediation.ps1: remediation task with role checks
- docs/screenshots/: visual references

Updated README paths for sql-server-samples repo structure.
Removed old flat policy files (params.json, policy.json, rules.json)
replaced by the new structured layout.
@anosov1960 anosov1960 merged commit 6c6eba3 into microsoft:master Apr 3, 2026
1 check passed