Added Path length constraint config option

[MichaelKoster70]

• Added path length constraint option
• added NuGet Packages for more Azure Tools

[Copilot]

Pull request overview

This PR extends the Azure Key Vault certificate creation tools to support configuring the X.509 Basic Constraints path length constraint for CA certificates, and updates the AzureCertTools packaging/build pipeline to produce NuGet tool packages with shared metadata.

Changes:

• Added --PathLengthConstraint option to AzureCreateRootCert and AzureCreateIntermediateCert and wired it into the generated CA Basic Constraints extension.
• Centralized/commonized AzureCertTools NuGet tool packaging metadata (and added shared package logo usage), plus updated Azure SDK package versions.
• Updated docs (README + per-tool readmes) and CI workflow to build/publish and now also dotnet pack selected Azure tools.

Reviewed changes

Copilot reviewed 24 out of 25 changed files in this pull request and generated 12 comments.

Show a summary per file

File	Description
src/ReleaseNotes.md	Updated feature bullets to include path length configurability and packaging notes.
src/ReleaseHistory.md	Added path length configurability to 1.8.0 feature list.
src/CertTools/CreateRootCert/CertificateWorker.cs	Removed an unused Windows namespace import.
src/CertTools/CertCore/CertCore.csproj	Relies on directory-level build properties instead of per-project properties.
src/AzureCertTools/Directory.Packages.props	Updated Azure SDK package versions under central package management.
src/AzureCertTools/Directory.Build.props	Centralized AzureCertTools packing metadata (PackAsTool/license/output/project URL).
src/AzureCertTools/AzureDeleteCert/readme.md	Updated usage example to correct tool name.
src/AzureCertTools/AzureDeleteCert/AzureDeleteCert.csproj	Switched to shared package logo + consolidated packing metadata usage.
src/AzureCertTools/AzureCreateSslServerCert/CertificateWorker.cs	Removed unused using directives.
src/AzureCertTools/AzureCreateSslServerCert/AzureCreateSslServerCert.csproj	Added package icon inclusion for packing consistency.
src/AzureCertTools/AzureCreateSigningCert/readme.md	Expanded usage examples and clarified option semantics.
src/AzureCertTools/AzureCreateSigningCert/AzureCreateSigningCert.csproj	Switched to shared package logo + consolidated packing metadata usage.
src/AzureCertTools/AzureCreateRootCert/readme.md	New/updated documentation for root cert tool including PathLengthConstraint.
src/AzureCertTools/AzureCreateRootCert/Program.cs	Passed PathLengthConstraint into root cert creation flow.
src/AzureCertTools/AzureCreateRootCert/Options.cs	Added PathLengthConstraint CLI option.
src/AzureCertTools/AzureCreateRootCert/CertificateWorker.cs	Applied optional path length constraint to Basic Constraints extension.
src/AzureCertTools/AzureCreateRootCert/AzureCreateRootCert.csproj	Added package metadata/readme/logo for packing as a tool.
src/AzureCertTools/AzureCreateIntermediateCert/readme.md	New/updated documentation for intermediate cert tool including PathLengthConstraint.
src/AzureCertTools/AzureCreateIntermediateCert/Program.cs	Passed PathLengthConstraint into intermediate cert creation flow.
src/AzureCertTools/AzureCreateIntermediateCert/Options.cs	Added PathLengthConstraint CLI option.
src/AzureCertTools/AzureCreateIntermediateCert/CertificateWorker.cs	Applied optional path length constraint to Basic Constraints extension.
src/AzureCertTools/AzureCreateIntermediateCert/AzureCreateIntermediateCert.csproj	Added package metadata/readme/logo for packing as a tool.
README.md	Updated top-level usage docs for new tools/options.
.github/workflows/shared-build.yml	Fixed intermediate publish target and added dotnet pack for selected Azure tools.

Comments suppressed due to low confidence (5)

src/AzureCertTools/AzureCreateRootCert/readme.md:16

• The option list is missing the required "Subject" argument and refers to "ExpiryMonths" even though the CLI option/property is named "ExpireMonths". Please align the documentation with the actual options.

Where:
* CertificateName: The name of the certificate in Azure Key Vault.
* KeyVaultUri: The URI of the Azure Key Vault to store the certificate (like https://some-name.vault.azure.net/).
* PathLengthConstraint: If specified, the generated CA certificate will have a path length constraint extension with the provided length. This limits the maximum number of intermediate CA certificates that can be created under this root CA certificate. If not specified, no path length constraint will be set.
* TenantId: The Entra ID tenant ID.
* ClientId: The client ID of the service principal used to access the Key Vault.
* ClientSecret: The client secret of the service principal used to access the Key Vault.
* WorkloadIdentity: If set, the tool will use an Entra ID Managed Identity [Workload identity federation](https://learn.microsoft.com/en-us/entra/workload-id/workload-identity-federation) to access the Key Vault. Use this option when running the tool in an Azure Pipeline or a GitHub Action with workload identity federation configured.
* Interactive: If set, the tool will use interactive login to Entra ID to access the Key Vault.
* ExpiryMonths: The number of months the certificate is valid, default is 240.

src/AzureCertTools/AzureCreateIntermediateCert/readme.md:18

• This README refers to "ExpiryMonths" in the description, but the actual CLI option/property is named "ExpireMonths". Please make the naming consistent to avoid user confusion.

* WorkloadIdentity: If set, the tool will use an Entra ID Managed Identity [Workload identity federation](https://learn.microsoft.com/en-us/entra/workload-id/workload-identity-federation) to access the Key Vault. Use this option when running the tool in an Azure Pipeline or a GitHub Action with workload identity federation configured.
* Interactive: If set, the tool will use interactive login to Entra ID to access the Key Vault.
* ExpiryMonths: The number of months the certificate is valid, default is 240.

README.md:83

• The AzureCreateIntermediateCert usage example is missing the required "--SignerCertificateName" argument, and it is also missing a space before "--KeyVaultUri" after the optional PathLengthConstraint segment.

AzureCreateIntermediateCert --Subject <subject> --CertificateName <name> --ExpireMonths <months> [--PathLengthConstraint <length> ]--KeyVaultUri <uri> --TenantId <tenantId> --ClientId <clientId> [--ClientSecret <clientSecret> | --Interactive | --WorkloadIdentity]

**.github/workflows/shared-build.yml:148**
* This dotnet pack call will rebuild/restore by default even though restore/build already ran earlier in the workflow. Consider adding --no-build and --no-restore to avoid redundant work.

- name: 'Build: Publish AzureCertTools/AzureCreateIntermediateCert'
  if: ${{ inputs.store-artifacts }}
  run: |
    dotnet publish ${{ env.AzureCertToolsPath }}/AzureCreateIntermediateCert/AzureCreateIntermediateCert.csproj --configuration ${{ inputs.configuration }} --no-restore -p:PublishProfile=FolderProfile
    dotnet pack ${{ env.AzureCertToolsPath }}/AzureCreateIntermediateCert/AzureCreateIntermediateCert.csproj --configuration ${{ inputs.configuration }}
  shell: pwsh

**.github/workflows/shared-build.yml:168**
* This dotnet pack call will rebuild/restore by default even though restore/build already ran earlier in the workflow. Consider adding --no-build and --no-restore to avoid redundant work.

- name: 'Build: Publish AzureCertTools/AzureDeleteCert'
  if: ${{ inputs.store-artifacts }}
  run: |
    dotnet publish ${{ env.AzureCertToolsPath }}/AzureDeleteCert/AzureDeleteCert.csproj --configuration ${{ inputs.configuration }} --no-restore -p:PublishProfile=FolderProfile
    dotnet pack ${{ env.AzureCertToolsPath }}/AzureDeleteCert/AzureDeleteCert.csproj --configuration ${{ inputs.configuration }}
  shell: pwsh

</details>