CredentialsRequest for Azure AD Workload Identity contains unnecessary network permissions.

- Microsoft.Network/applicationSecurityGroups/delete
- Microsoft.Network/applicationSecurityGroups/write
- Microsoft.Network/loadBalancers/delete
- Microsoft.Network/networkSecurityGroups/delete
- Microsoft.Network/routeTables/delete
- Microsoft.Network/routeTables/write
- Microsoft.Network/virtualNetworks/subnets/delete
- Microsoft.Network/virtualNetworks/subnets/write
- Microsoft.Network/virtualNetworks/write
- Microsoft.Resources/subscriptions/resourceGroups/delete
- Microsoft.Resources/subscriptions/resourceGroups/write

4.14.0

N/A

1. Remove above permissions from the Azure Credentials request and validate that MAO continues to function in Azure AD Workload Identity cluster.

Unnecessary network write permissions enumerated in CredentialsRequest.

Only necessary permissions enumerated in CredentialsRequest.

Additional unnecessary permissions will be hard to pin point but these specific permissions were questioned by MSFT and are likely only needed by the installer as output by CORS-1870 investigation.