Bug
Resolution: Unresolved
Critical
4.14.z, 4.15.z, 4.17.z, 4.16.z
Quality / Stability / Reliability
Moderate
Description of problem:
When the installer destroys service principals (app registrations), the associated role assignment for the service principal is not deleted.
Version-Release number of selected component (if applicable):
How reproducible:
Always
Steps to Reproduce:
1. Run an install
2. Destroy it
3. Check for leftover role assignments
Checking role assignments in the installer subscription we can see role assignments with no identity: https://portal.azure.com/#@jamesrussell1911gmail.onmicrosoft.com/resource/subscriptions/433715e6-37fe-4328-af75-3661e13b15fc/users
Actual results:
Role assignment with no associated identity is left behind
Expected results:
Role assignment is deleted
Additional info:
Installer App registration deletion: https://github.com/openshift/installer/blob/1e808918a224e6dbd2b322810f66634bd4ff1815/pkg/destroy/azure/azure.go#L759
Prior ART from ARO:
slack xref: https://redhat-internal.slack.com/archives/CHFF1LCUR/p1723738516075659
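A small Go model of the behaviour reported above next to the expected one, added here as an illustration; it is not the installer's code and does not call the Azure SDK. The `Directory` type, its methods and the sample IDs are hypothetical and constructed.

```go
package main

import "fmt"

// RoleAssignment and Directory are a hypothetical in-memory model, not the Azure SDK.
type RoleAssignment struct{ ID, PrincipalID string }
type Directory struct {
	Principals  map[string]bool // live service principal object IDs
	Assignments []RoleAssignment
}

// Orphans returns role assignments whose principal no longer exists.
func (d *Directory) Orphans() []RoleAssignment {
	var out []RoleAssignment
	for _, ra := range d.Assignments {
		if !d.Principals[ra.PrincipalID] {
			out = append(out, ra)
		}
	}
	return out
}

// DestroyPrincipal deletes a principal; cleanup=true removes its role assignments first.
func (d *Directory) DestroyPrincipal(id string, cleanup bool) {
	if cleanup {
		kept := d.Assignments[:0]
		for _, ra := range d.Assignments {
			if ra.PrincipalID != id {
				kept = append(kept, ra)
			}
		}
		d.Assignments = kept
	}
	delete(d.Principals, id)
}

// NewSample returns constructed sample data: two principals, one assignment each.
func NewSample() *Directory {
	return &Directory{
		Principals:  map[string]bool{"sp-installer": true, "sp-other": true},
		Assignments: []RoleAssignment{{"ra-1", "sp-installer"}, {"ra-2", "sp-other"}},
	}
}

func main() {
	d := NewSample()
	d.DestroyPrincipal("sp-installer", false) // reported behaviour
	fmt.Println("orphaned:", d.Orphans())
}
```

With `cleanup=false` the assignment `ra-1` survives with no identity behind it, which is the state step 3 checks for; with `cleanup=true` only the unrelated principal's assignment remains.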