Improve credential logging and choice

[jemrobinson]

:white_check_mark: Checklist

• [x] You have given your pull request a meaningful title (e.g. Enable foobar integration rather than 515 foobar).
• [x] You are targeting the appropriate branch. If you're not certain which one this is, it should be develop.
• [x] Your branch is up-to-date with the target branch (it probably was when you started, but it may have changed since then).

:vertical_traffic_light: Depends on

n/a

:arrow_heading_up: Summary

Currently credential confirmation is written to the logs in unnecessary places (e.g. in the Pulumi output) and the user is not given a chance to check that the credentials are correct.

This adds:

• a confirmation prompt the first time a set of credentials are used
• suppresses credential information
  • after approval has been given
  • inside Pulumi (which is run as a separate process, so the previous class-variable solution was not working)

:closed_umbrella: Related issues

n/a

:microscope: Tests

Tested on a fresh SRE deployment and on update

[github-actions[bot]]

Coverage report

Click to see where and how coverage changed

File	Statements	Missing	Coverage	Coverage (new stmts)	Lines missing
data_safe_haven/external/api
azure_sdk.py
credentials.py
Project Total

This report was generated by python-coverage-comment-action

[JimMadge]

We recently removed the prompt for users to confirm the credentials, was that because it was difficult to keep in restructuring or because we decided it wasn't a good idea?

[craddm]

Was maybe because it was super annoying to have to reconfirm every time? Doing it the first time makes sense

[jemrobinson]

Because it was prompting during non-interactive sessions (i.e. during Pulumi calls) which caused lock-ups. With this PR we can set the skip_confirmation flag in the Pulumi code which should mean that the prompt (and associated messages) only happen in the interactive part of the code.