CMK support for Cosmos DB (even though this is part of core, this case is listed separately as it requires special handling since the implementation is not straightforward)

[yuvalyaron]

Adding CMK support for Cosmos DB requires special handling, while CMK support for Cosmos is part of the core implementation and could have been implemented as part of #4142, it requires special handling due to its complexity.

1. The Terraform implementation does not allow adding CMK to an existing Cosmos DB account without deleting the account. However, Azure documentation states that CMK can be added without requiring deletion.

2. AzureRM Cosmos DB currently only supports using FirstPartyIdentity when the account is created with CMK enabled. This means the account must initially be created with FirstPartyIdentity, and the identity type can only be changed after creation.
   As seen in this example: https://github.com/Azure/terraform-azurerm-cosmosdb/blob/v1.0.0/examples/203-cosmosdb-customer-managed-key/main.tf