Ensure storage_ip_rules regexall only matches /31 and /32, but leaves…

… /30 alone since it is valid

locals.tf

@@ -1,7 +1,7 @@
 locals {
   # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account_network_rules#ip_rules
   # > Small address ranges using "/31" or "/32" prefix sizes are not supported. These ranges should be configured using individual IP address rules without prefix specified.
-  storage_ip_rules = toset(flatten([for cidr in var.allowed_cidrs : (length(regexall("/3.", cidr)) > 0 ? [cidrhost(cidr, 0), cidrhost(cidr, -1)] : [cidr])]))
+  storage_ip_rules = toset(flatten([for cidr in var.allowed_cidrs : (length(regexall("/3(1|2)", cidr)) > 0 ? [cidrhost(cidr, 0), cidrhost(cidr, -1)] : [cidr])]))
 
   pitr_enabled = (
     alltrue([var.blob_data_protection.change_feed_enabled, var.blob_data_protection.versioning_enabled, var.blob_data_protection.container_point_in_time_restore])