This method is added to the Azure cloud interface. We need to set the
AAD user's alternate email, which is a subsequent PATCH call to the API.
These two calls are handled with a single interface method and payload
because ATAT would never create a user without an associated email.

This commit also:
- Expands internal method for getting principal tokens so that it can be
  scoped to different resources.
- Retains the tenant domain name in the portfolios.csp_data column
  because ATAT needs that information for provisioning users via API.

Currently the create call will be consumed by on-demand requests from the frontend, and the 2-stage create will be used by the environment management group provisioning to verify an initial subscription was created.

The tenant ID should be hashed and used as the key for the JSON blob of
relevant creds for any given tenant. Azure CSP interface methods that
need to source creds should call the internal `_source_creds` method,
either with a `tenant_id` or no parameters. That method will source the
creds. If a tenant ID is provided, it will source them from the Key
Vault. If not provided, it will return the default creds for the app
registration in the home tenant.
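
The lookup described above, sketched as an added example; this is not ATAT's code. Assumptions: `InMemoryVault`, `CredentialSource` and `store_creds` are hypothetical names, SHA-256 is assumed because the message only says "hashed", and failing closed on a missing tenant entry is this example's choice.

```python
import hashlib
import json


class InMemoryVault:
    """Constructed stand-in for a Key Vault secret store (name -> value)."""

    def __init__(self):
        self._secrets = {}

    def set_secret(self, name, value):
        self._secrets[name] = value

    def get_secret(self, name):
        return self._secrets[name]  # raises KeyError when absent


class CredentialSource:
    """Sources creds per tenant from the vault, or the home-tenant defaults."""

    def __init__(self, vault, default_creds):
        self.vault = vault
        self.default_creds = default_creds

    @staticmethod
    def _secret_key(tenant_id):
        # Assumption: SHA-256 hex digest. Its 64 hex characters are a valid
        # Key Vault secret name and keep the raw tenant ID out of the name.
        normalized = tenant_id.strip().lower()
        return hashlib.sha256(normalized.encode("utf-8")).hexdigest()

    def store_creds(self, tenant_id, creds):
        self.vault.set_secret(self._secret_key(tenant_id), json.dumps(creds))

    def _source_creds(self, tenant_id=None):
        if tenant_id is None:
            # No tenant given: default creds for the home-tenant app registration.
            return dict(self.default_creds)
        try:
            blob = self.vault.get_secret(self._secret_key(tenant_id))
        except KeyError:
            # Fail closed: a named tenant with no stored blob must not
            # silently receive the home-tenant credentials.
            raise LookupError("no stored credentials for tenant") from None
        return json.loads(blob)
```
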