Document Azure Key Vault permissions support

docs/features/azure-iam/index.mdx

@@ -52,6 +52,19 @@ spec:
       type: azure
       azureRoles:
         - "Storage Blob Data Contributor"
+    - name: "/providers/Microsoft.KeyVault/vaults/otterizetutorialazureiamkeyvault"
+      type: azure
+      # Optional - Grant Azure Key Vault data plane access by using Key Vault access policy
+      azureKeyVaultPolicy:
+        certificatePermissions:
+          - "all"
+        keyPermissions:
+          - "all"
+        secretPermissions:
+          - "all"
+        storagePermissions:
+          - "get"
+          - "list"
 ```
 
 ### Automatically generating ClientIntents for Azure IAM

docs/features/azure-iam/reference.mdx

@@ -21,6 +21,19 @@ spec:
       # one or more Azure roles that will be provided to the specified resources
       azureRoles:
         - "Storage Blob Data Contributor"
+    - name: "/providers/Microsoft.KeyVault/vaults/otterizetutorialazureiamkeyvault"
+      type: azure
+      # Optional - Grant Azure Key Vault data plane access by using Key Vault access policy
+      azureKeyVaultPolicy:
+        certificatePermissions:
+          - "all"
+        keyPermissions:
+          - "all"
+        secretPermissions:
+          - "all"
+        storagePermissions:
+          - "get"
+          - "list"
 ```
 
 ### Annotations

static/code-examples/azure-iam-aks/clientintents.yaml

@@ -11,3 +11,7 @@ spec:
       type: azure
       azureRoles:
         - "Storage Blob Data Contributor"
+
+
+
+