AAPRFE-2707 (Ansible Automation Platform RFEs)

Request for Ansible Controller to support `az acr login` as the authentication method to pull images from Azure Container Registry


Expected new feature:

• In Ansible Controller, when defining a new Execution Environment (Automation Execution - Infrastructure - Execution Environments), we can use the `az acr login` method with a Service Principal for the external Registry Credential. The Image URL is the image address in Azure Container Registry.
• Ansible Controller can handle the short-lived token generated by `az acr login` with the Service Principal in order to pull the image from Azure Container Registry.

Reason for RFE:

• The Entra ID Conditional Access Policy only allows whitelisted private IP addresses for authentication. The private IP addresses are the customer's Azure Private Networking IP addresses.
• When the default podman login (the current AAP external registry credential type) is used (username is the Service Principal Client ID and password is the Client Secret), Azure Container Registry acts as the middleman and performs the authentication against Entra ID to get the short-lived token. As a result, the outbound interface is Azure Container Registry's Microsoft-managed internal IP, which does not meet the Conditional Access requirement for whitelisted private IP addresses.
• When `az acr login` is used, the client (such as Ansible Controller) performs the authentication against Entra ID itself to get the token for the container image pull. This meets the whitelisted private IP address requirement because Ansible Controller uses the customer's Azure Private Networking IP address.
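An added example (not from the RFE and not code from Ansible Automation Platform) of the `az acr login` flow the request describes, as a shell script: the client authenticates to Entra ID as the Service Principal itself, exchanges that identity for a short-lived ACR token, and hands the token to podman. The environment variable names and the registry, credential and image values are assumed placeholders.

```shell
#!/bin/sh
# Added example: pull from ACR using the short-lived token from `az acr login`.
# Assumed env vars: ACR_NAME, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET,
# AZURE_TENANT_ID, IMAGE (all placeholders supplied by the operator).
set -eu

# Pull one string field out of the JSON that `az acr login --expose-token`
# prints ({"accessToken": "...", "loginServer": "..."}). Plain sed, so this
# helper can be exercised without the az CLI installed.
acr_field_from_json() {
  printf '%s' "$1" | sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p"
}

# Full flow; needs the az CLI and podman on the host.
acr_pull_with_service_principal() {
  # 1. The client itself authenticates to Entra ID as the Service Principal,
  #    so Conditional Access evaluates the client's (private network) IP,
  #    not an ACR-owned address acting as middleman.
  az login --service-principal \
    --username "$AZURE_CLIENT_ID" \
    --password "$AZURE_CLIENT_SECRET" \
    --tenant "$AZURE_TENANT_ID" >/dev/null

  # 2. Exchange that identity for a short-lived ACR token. It expires, so a
  #    controller has to refresh it per pull rather than store it once.
  json=$(az acr login --name "$ACR_NAME" --expose-token --output json)
  token=$(acr_field_from_json "$json" accessToken)
  server=$(acr_field_from_json "$json" loginServer)

  # 3. ACR expects the fixed all-zero GUID as the username when a token is
  #    supplied as the password.
  printf '%s' "$token" | podman login "$server" \
    --username 00000000-0000-0000-0000-000000000000 --password-stdin

  podman pull "$IMAGE"
}

# Run the live flow only when asked, so the helper can be sourced on its own.
if [ "${1:-}" = "pull" ]; then
  acr_pull_with_service_principal
fi
```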

Assignee: Unassigned
Reporter: kevin kim (rhn-support-seokim)
Votes: 1
Watchers: 4