Add private access for storage scanner from defender

Author: marvinbuss

code/infra/storage.tf

@@ -34,6 +34,10 @@ resource "azurerm_storage_account" "storage" {
     default_action             = "Deny"
     ip_rules                   = []
     virtual_network_subnet_ids = []
+    private_link_access {
+      endpoint_resource_id = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/providers/Microsoft.Security/datascanners/storageDataScanner"
+      endpoint_tenant_id   = data.azurerm_client_config.current.tenant_id
+    }
   }
   nfsv3_enabled                 = false
   public_network_access_enabled = false