fixes deny subnet without nsg & udr policy

[withstu]

Overview/Summary

This PR fixes the issue that is described here: Azure/Enterprise-Scale#407
Despite of the deny policies Deny-Subnet-Without-Udr & Deny-Subnet-Without-Nsg a vNet with a subnet without udr or nsg can be created in a single ARM deployment. After the deployment the subnets get be marked as non-compliant.

Cross-Reference: Azure/Enterprise-Scale#885

This PR fixes/adds/changes/removes

1. Deny-Subnet-Without-Nsg will allow a network with a subnet to be created. Enterprise-Scale#407

Breaking Changes

Testing Evidence

After the fix I now getting a deny, when I try to create a vnet with a subnet without udr & nsg.

As part of this Pull Request I have

• Checked for duplicate Pull Requests
• Associated it with relevant issues, for tracking and closure.
• Ensured my code/branch is up-to-date with the latest changes in the main branch
• Performed testing and provided evidence.
• Updated relevant and associated documentation.
• Updated the "What's New?" wiki page (located in the Enterprise-Scale repo in the directory: /docs/wiki/whats-new.md)

[jschul711]

+1

[jtracey93]

Closing as commented here on the ESLZ PR created Azure/Enterprise-Scale#885 (comment)