ADR-022: Azure Compute Landing Zone
Lock the Azure compute landing zone for sv0-platform: westeurope, IaaS primitives only, Cloudflare Tunnel ingress (no public IPs / no Azure LB), HA prod fleet across two zones, ephemeral per-PR VMs, OIDC-federated TF auth, and a cloud-portability rule set that keeps the design migratable to AWS/GCP.