feat: Implement comprehensive Azure Functions code generation and deployment workflow

- Added detailed planning, code generation, testing, and deployment steps for Azure Functions.
- Introduced status tracking and error handling mechanisms.
- Established best practices for code generation and deployment, including security and structure guidelines.
- Created GitHub Actions workflow for production deployment with build, test, and deployment stages.
- Developed PowerShell script for full production deployment with custom domain support.
- Designed Bicep templates for infrastructure setup, including Azure Static Web Apps and Function Apps.
- Configured parameters for production deployment, including Stripe public key and custom domain settings.
- Added SWA CLI configuration for local development and deployment.
- Documented production deployment success criteria and post-deployment tasks.

staticwebapp.config.json

@@ -4,30 +4,55 @@
       "route": "/api/*",
       "allowedRoles": ["anonymous"]
     },
-    {
-      "route": "/admin/*",
-      "allowedRoles": ["admin"]
-    },
     {
       "route": "/*",
-      "serve": "/index.html",
-      "statusCode": 200
+      "rewrite": "/index.html"
     }
   ],
+  "navigationFallback": {
+    "rewrite": "/index.html"
+  },
   "responseOverrides": {
     "401": {
-      "redirect": "/login",
+      "redirect": "/#/portals",
+      "statusCode": 302
+    },
+    "403": {
+      "redirect": "/#/portals", 
       "statusCode": 302
     }
   },
   "globalHeaders": {
     "X-Content-Type-Options": "nosniff",
     "X-Frame-Options": "DENY",
-    "Content-Security-Policy": "default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' https:; connect-src 'self' https:; media-src 'self' https:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'"
+    "X-XSS-Protection": "1; mode=block",
+    "Referrer-Policy": "strict-origin-when-cross-origin",
+    "Permissions-Policy": "geolocation=(), microphone=(), camera=()",
+    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
+    "Content-Security-Policy": "default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: blob:; font-src 'self' https: data:; connect-src 'self' https: wss:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests"
   },
   "mimeTypes": {
     ".json": "application/json",
     ".js": "text/javascript",
-    ".css": "text/css"
+    ".css": "text/css",
+    ".svg": "image/svg+xml",
+    ".png": "image/png",
+    ".jpg": "image/jpeg",
+    ".jpeg": "image/jpeg",
+    ".gif": "image/gif",
+    ".ico": "image/x-icon",
+    ".woff": "font/woff",
+    ".woff2": "font/woff2",
+    ".ttf": "font/ttf",
+    ".eot": "application/vnd.ms-fontobject"
+  },
+  "platform": {
+    "apiRuntime": "node:20"
+  },
+  "forwardingGateway": {
+    "allowedForwardedHosts": [
+      "miraclesinmotion.org",
+      "www.miraclesinmotion.org"
+    ]
   }
 }