prevent unintentional user deactivation or deletion (#91)

Prevent the destruction of databricks users by terraform and 
add a link to azure documentation in the comments

Author: cran1um

examples/adb-unity-catalog-basic-demo/modules/metastore-and-users/main.tf

@@ -142,13 +142,20 @@ locals {
 
 // All governed by AzureAD, create or remove users to/from databricks account
 resource "databricks_user" "this" {
-  provider     = databricks.azure_account
-  for_each     = local.all_users
-  user_name    = lower(local.all_users[each.key]["user_principal_name"])
-  display_name = local.all_users[each.key]["display_name"]
-  active       = local.all_users[each.key]["account_enabled"]
-  external_id  = each.key
-  force        = true
+  provider                 = databricks.azure_account
+  for_each                 = local.all_users
+  user_name                = lower(local.all_users[each.key]["user_principal_name"])
+  display_name             = local.all_users[each.key]["display_name"]
+  active                   = local.all_users[each.key]["account_enabled"]
+  external_id              = each.key
+  force                    = true
+  disable_as_user_deletion = true # default behavior
+
+// Review warning before deactivating or deleting users from databricks account
+// https://learn.microsoft.com/en-us/azure/databricks/administration-guide/users-groups/scim/#add-users-and-groups-to-your-azure-databricks-account-using-azure-active-directory-azure-ad
+  lifecycle {
+    prevent_destroy = true
+  }
 }
 
 // Extract information about service prinicpals users
@@ -195,4 +202,4 @@ resource "databricks_user_role" "account_admin" {
   user_id  = databricks_user.this[each.key].id
   role     = "account_admin"
   depends_on = [databricks_group.this, databricks_user.this, databricks_service_principal.sp]
-}
+}