Add logout-from-azure action and use it in Azure workflows (OSOE-694)

[BenedekFarkas]

From the azure/login action's readme:

Az logout and security hardening

This action doesn't implement az logout by default at the end of execution. However there is no way of tampering the credentials or account information because the github hosted runner is on a VM that will get reimaged for every customer run which gets everything deleted. But if the runner is self-hosted which is not github provided it is recommended to manually logout at the end of the workflow as shown below. More details on security of the runners can be found here.

- name: Azure CLI script
  uses: azure/CLI@v1
  with:
    inlineScript: |
      az logout
      az cache purge
      az account clear

We should add our own action to perform the logout sequence and call it from our workflows that also use azure/login.
However, based on initial testing, it seems that the logout sequence above does not work (i.e., the session is still active and resources can be accessed) for our scripts that use Azure PowerShell modules when running in GitHub Actions (but working as expected locally), so that needs further investigation.

Jira issue

[Piedone]

This is only interesting if we use reused VMs, right?

[BenedekFarkas]

That is the primary concern, but even with an ephemeral runner someone using one of our Azure-connected workflow might run another workflow/script that's fishing for sensitive information and try to exploit the Azure access. That's very unlikely for us, because we know exactly what we run and every external action/workflow is referenced by commit hash, so this is mainly about external users.

[Piedone]

OK, thanks!