Add auth to V3 monitoring search cursor URLs

[joelverhagen]

Currently the storage containers for our regional search instances are public. This is okay from a privacy standpoint (all of the content in there is public package metadata). But it is unnecessary. They are really internal storage accounts that should not have external callers. It will make our compliance simpler if we just lock these storage accounts down and use auth in the places that allow access.

Currently, this is our V3 monitoring pipeline, our cursor monitoring system (Synthetics), and NuGet Insights.

Progress on https://github.com/NuGet/Engineering/issues/5576.

This PR adds support for using SAS or managed identity for accessing the Azure Search cursor URLs in the V3 monitoring pipeline.

Summary of changes:

• Enable base64 decoding on queue client. This is a breaking change in the new SDK (base64 encoding was forced on WindowsAzure.Storage)
• Add AzureBlobCursor which is a ReadCursor implementation using BlobClient. This allows auth'd scenarios.
• Fix default storage suffix for creating storage queues. This was broken before.
• Add -searchCursorSasValue-* and -searchCursorUseManagedIdentity-* arguments to MonitoringProcessor and CatalogToMonitoring so that credentials can be plumbed in for accessing the search cursors.
• Refactor SearchEndpointConfiguration and related types to allow the various search cursor read scenarios.
• Improve UT coverage for CommandHelpers.