Your architecture "Client => CloudFlare => Azure FD Premium => App Service" could make sense if you have specific requirements(Capctha, unlimited DDoS Protection, etc).
Cloudflare has similiar functionality with their own WAF features, custom rules, but with some more advanced options such as JS challenge or Capctha, while Front door has Block, log or redirect action. Cloudflare also provide unlimited DDoS Protection as well.
Azure Front Door – All traffic from Cloudflare WAF will be routed to Azure Front Door before arriving at App Service.
Cloudflare – The web application firewall, which manages all traffic that is sent to the App Service.
App Service - Hosted application