ACA now supports private endpoint connections, would like to switch to ACA from App Service.

There are certain limitations at this point.

• No Central policy exist for creating Private DNS Zone, OCIO team is looking into it. (https://chat.developer.gov.bc.ca/channel/public-cloud-how-to?msg=nAGDQDFxQQcsDQD5e)
• Terraform does not have all the required capabilities and needs some workarounds (Support for PublicNetworkAccess (azurerm_container_app_environment) hashicorp/terraform-provider-azurerm#28508 (comment))

cc @jujaga