Azure / trusted-signing-action

MIT License

Investigate how TerraformTask performs auto logins for service connections #22

Open japarson opened 1 month ago

japarson commented 1 month ago
@japarson That works! Below is my final code; it works in PowerShell for me, using a managed identity in the service connection. Interesting that a second az login is what did it. AFAIK, the AzureCLI task does log into Azure, but maybe it only persists for that task's duration and not the rest of the pipeline.

I think an improvement to the TrustedSigning task would be to follow what the TerraformTask does. You can specify a service connection, and the task auto-logs in with that service connection's authentication mechanism (secret, workload identity, etc.).

```yaml
# Step 1: let AzureCLI@2 authenticate with the service connection and expose its
# identity to the script. With addSpnToEnvironment the task sets servicePrincipalId,
# tenantId and (for a workload identity federation connection) idToken as environment
# variables. The task runs `az account clear` when it finishes, which is why the login
# does not survive into later tasks and has to be repeated below.
- task: AzureCLI@2
  inputs:
    azureSubscription: '<service connection>'
    scriptType: 'pscore'
    scriptLocation: 'inlineScript'
    inlineScript: |
      Write-Host "##vso[task.setvariable variable=ARM_CLIENT_ID]$env:servicePrincipalId"
      Write-Host "##vso[task.setvariable variable=ARM_TENANT_ID]$env:tenantId"
      # issecret=true masks the token in logs; it is still available as $(ARM_ID_TOKEN)
      # in later tasks of the same job. Without it the token lands in a plain variable.
      Write-Host "##vso[task.setvariable variable=ARM_ID_TOKEN;issecret=true]$env:idToken"
    addSpnToEnvironment: true

# Step 2: log the agent's az CLI in again with the federated token so the login
# persists for the rest of the job. The token is short-lived, so do this right before
# the task that needs it.
- task: PowerShell@2
  inputs:
    targetType: 'inline'
    script: |
      az login --service-principal -u $(ARM_CLIENT_ID) --tenant $(ARM_TENANT_ID) --allow-no-subscriptions --federated-token $(ARM_ID_TOKEN)

# Step 3: TrustedSigning picks up the az CLI login through DefaultAzureCredential;
# the Exclude* inputs skip credential sources that do not exist on a build agent.
- task: TrustedSigning@0
  inputs:
    ExcludeSharedTokenCacheCredential: true
    ExcludeVisualStudioCredential: true
    ExcludeVisualStudioCodeCredential: true
    Endpoint: 'https://eus.codesigning.azure.net/'
    CodeSigningAccountName: '<name>'
    CertificateProfileName: '<profile>'
    FilesFolder: '$(System.DefaultWorkingDirectory)'
    FileDigest: 'SHA256'
```

Originally posted by @JeffBrownTech in https://github.com/Azure/trusted-signing-action/issues/21#issuecomment-2113367971
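The comment above asks for a task that logs in with whatever mechanism the service connection uses. The snippet below is an added example (not code from the issue or from the trusted-signing-action project) of the selection logic such a step would need, written for a bash AzureCLI@2 step with addSpnToEnvironment: true. It assumes the environment variables that input documents (servicePrincipalId, tenantId, and either idToken for workload identity federation or servicePrincipalKey for a client secret) and builds the matching `az login` argument list without ever echoing the credential itself; the function names are this example's own.

```bash
#!/usr/bin/env bash
# Added example: choose the az login form that matches the service connection's
# credential. Reads the variables AzureCLI@2 sets with addSpnToEnvironment: true.
set -eu

# Prints one `az login` argument per line (safe for tokens containing no newlines),
# so a caller can collect them into an array. Returns 1 if no credential is present.
build_az_login_args() {
  local client_id="${servicePrincipalId:-}"
  local tenant_id="${tenantId:-}"
  local id_token="${idToken:-}"
  local secret="${servicePrincipalKey:-}"

  if [ -z "$client_id" ] || [ -z "$tenant_id" ]; then
    echo "servicePrincipalId/tenantId not set; is addSpnToEnvironment: true?" >&2
    return 1
  fi

  printf '%s\n' --service-principal -u "$client_id" --tenant "$tenant_id" --allow-no-subscriptions
  if [ -n "$id_token" ]; then
    # Workload identity federation: short-lived token, nothing to store on the agent.
    printf '%s\n' --federated-token "$id_token"
  elif [ -n "$secret" ]; then
    # Classic service principal with a client secret.
    printf '%s\n' -p "$secret"
  else
    echo "neither idToken nor servicePrincipalKey is set in the environment" >&2
    return 1
  fi
}

# Names the credential kind for a log line, without printing the credential.
login_kind() {
  if [ -n "${idToken:-}" ]; then
    echo federated
  elif [ -n "${servicePrincipalKey:-}" ]; then
    echo secret
  else
    echo none
  fi
}

# Pipeline usage (call from the inline script of a bash AzureCLI@2 step):
#   echo "logging in with $(login_kind) credential"
#   set -- ; while IFS= read -r a; do set -- "$@" "$a"; done < <(build_az_login_args)
#   az login "$@" >/dev/null
```

The read loop in the usage comment is what turns the line-per-argument output into an argument vector without word-splitting the token; if the agent's az CLI predates `--federated-token` (2.47), `build_az_login_args` will still emit it and `az login` will reject it, which is the failure you want rather than a silent fallback to a secret.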