Admin: Make Azure Blob deploy atomic to prevent mid-deploy broken-site window

[hilram7]

Every push to main redeploys the Docusaurus site to Azure Blob Storage via build-and-deploy.yml. The deploy isn't atomic: during the upload window the live index.html can already reference new hashed JS/CSS bundles that haven't finished uploading (or old assets get purged first), so visitors hit the Docusaurus "site did not load properly / check your baseUrl" error until the deploy completes. Observed live on 2026-06-02 during run #2592 (~15 min build + deploy/upload of a 1.46 GB artifact). It's intermittent — only visible if you load the site mid-deploy.

Goal: Eliminate the broken-site window by making the deploy atomic. Options to evaluate:

1. Upload all new hashed assets first, swap index.html last (and don't purge old assets until the new ones are live).
2. Deploy to a fresh container/slot and switch over once fully uploaded (blue-green).
3. Put a CDN/Front Door in front with proper cache + asset versioning so old bundles stay served until cutover.

Evidence: Run #2592 — https://github.com/netwrix/docs/actions/runs/26837199091

Related: data-export-staging #56 (Teams alert on sync dev→main failure) and #53 (HTTP security headers via Azure CDN/Front Door) touch the same deploy/CDN surface.