[DOCS-13085] Add Azure log ingestion decision framework and VNet/NSG flow logs subsection

[buraizu]

What does this PR do? What is the motivation?

Fixes DOCS-13085

Adds a log-type-to-ingestion-path decision framework to azure-automated-log-forwarding.md, and a VNet/NSG flow logs setup subsection to azure-manual-log-forwarding.md. Customers repeatedly choose the wrong Azure log ingestion path (Event Hub vs. Blob Storage vs. Log Analytics Workspace) and fail silently — most acutely when the source is VNet flow logs or NSG flow logs, which only support Storage Account destinations.

Changes in content/en/logs/guide/azure-automated-log-forwarding.md:

• Renames ## How to choose between automated and manual setup to ## Choose your Azure log ingestion method (verified no inbound anchor links to the old heading exist in the repo).
• Splits the section into two subsections: "Log type to ingestion path" (new) and "Setup method" (existing bullets, retained).
• Adds a new decision table mapping seven Azure log sources to their supported ingestion paths, with notes calling out Blob-Storage-only sources (VNet flow logs, NSG flow logs) and the cross-link to the new VNet/NSG subsection in the manual guide.
• Adds an additional "manual setup method" reason: forwarding sources that only write to Blob Storage.
• Adds three new link references: [22] Microsoft Entra ID logs section in the Azure native integration guide; [23] deep link to the new VNet/NSG flow logs subsection (with ?tab=blobstorage query param so the Blob Storage tab opens automatically); [24] manual log forwarding page.

Changes in content/en/logs/guide/azure-manual-log-forwarding.md:

• Adds an ##### Forward VNet flow logs or NSG flow logs subsection in the Blob Storage tab between step 8 (verify) and "Logs not appearing in Datadog."
• Documents the Network Watcher → Storage Account → Datadog Blob log forwarder pipeline, including the required Storage Blob Data Reader role on the source container and the predictable container path structure (insights-logs-flowlogflowevent for VNet flow logs v2; insights-logs-networksecuritygroupflowevent for NSG flow logs).
• Adds two new link references for the Microsoft Network Watcher overview pages.

This is the second of six planned PRs under DOCS-13085. PR 2 is branched off PR 1 (docs13085/azure-log-forwarding-cli-first), so this PR is targeted against PR 1's branch as base while PR 1 is in flight. After PR 1 merges, GitHub auto-rebases PR 2 against master.

Merge instructions

Merge readiness:

• Ready for merge

Additional notes

Marked as WORK IN PROGRESS pending follow-up review.

Three rows of the decision table (Microsoft Defender for Cloud, Microsoft Entra ID logs, and the multi-destination rows for Activity / Resource logs) would benefit from an Azure SME fact-check during review. The VNet/NSG flow logs Blob-Storage-only constraint and Log Analytics Workspace data-export-rule path are confirmed against Microsoft documentation.

[github-actions]

Preview links (active after the build_preview check completes)

Modified Files

• https://docs-staging.datadoghq.com/docs13085/azure-log-ingestion-decision/logs/guide/azure-automated-log-forwarding
• https://docs-staging.datadoghq.com/docs13085/azure-log-ingestion-decision/logs/guide/azure-manual-log-forwarding