Move SHM firewall to SRE

[jemrobinson]

✅ Checklist

• You have given your pull request a meaningful title (e.g. Enable foobar integration rather than 515 foobar).
• You are targeting the appropriate branch. If you're not certain which one this is, it should be develop.
• Your branch is up-to-date with the target branch (it probably was when you started, but it may have changed since then).
• You have marked this pull request as a draft and added '[WIP]' to the title if needed (if you're not yet ready to merge).

🚦 Depends on

Must be merged after #1883

⤴️ Summary

Replace the SHM Standard firewall with an SRE Basic firewall

• Cost for SHM-level firewall (3 days): £56.74 => est per month: £575

• Cost for SRE-level firewall (3 days) £17.96 => £182

=> SRE Basic firewall costs ~30% as much as the SHM Standard firewall

🌂 Related issues

Closes #1871

🔬 Tests

Tested on a fresh SRE deployment

[github-actions]

Coverage report

Click to see where and how coverage changed

File	Statements	Missing	Coverage	Coverage (new stmts)	Lines missing
data_safe_haven/commands
sre.py
data_safe_haven/external/interface
azure_ipv4_range.py
data_safe_haven/infrastructure/common
ip_ranges.py
transformations.py					12-17
data_safe_haven/infrastructure/components/composite
local_dns_record.py					68
data_safe_haven/infrastructure/programs
declarative_shm.py
declarative_sre.py					172
data_safe_haven/infrastructure/programs/shm
networking.py
data_safe_haven/infrastructure/programs/sre
firewall.py					35-56, 72-265
networking.py					54-55, 151-152, 1368-1369, 1741, 1761-1766
data_safe_haven/types
enums.py
tests/infrastructure/common
test_ip_ranges.py
Project Total

This report was generated by python-coverage-comment-action

[JimMadge]

Looks good.

Just a few suggestions for where we can add tests and some questions.