Backend/azure: Update go-azure-sdk version to v0.20250131.1134653

[magodo]

This PR updates the hashicorp/go-azure-sdk to version v0.20250131.1134653, for the azure backend. The main reason for this update is to support ADO Pipelines OIDC auth via OIDC Request Token + URL + Service Connection ID, which will refresh the OIDC token if expired.

More context can be found at:

• Enhancement Request: azurerm backend OIDC (Workload Identity federation) authentication support for token refresh #35664 (comment)
• Enhancement Request: azurerm backend authentication upgrade to match provider #34322 (comment)

Fixes #35664

Target Release

1.11.x

CHANGELOG entry

• This change is user-facing and I added a changelog entry.
• This change is not user-facing.

Test

Github Action

name: Backend unit test
on: [workflow_dispatch]

permissions:
  id-token: write
  contents: read
jobs:
  setup-and-test:
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout terraform repo'
        uses: actions/checkout@v4
        with:
          repository: 'magodo/terraform'
          ref: 'backend/azure/update_sdk_v0.20250131.1134653'
      - name: 'Setup Go'
        uses: actions/setup-go@v5
        with:
          go-version: '1.23'
      - name: 'Go Test'
        run: |
          cd internal/backend/remote-state/azure
          TF_ACC=1 \
          TF_RUNNING_IN_GITHUB_ACTIONS=1 \
          ARM_SUBSCRIPTION_ID=${{ secrets.AZURE_SUBSCRIPTION_ID }} \
          ARM_TENANT_ID=${{ secrets.AZURE_TENANT_ID }} \
          ARM_CLIENT_ID=${{ secrets.AZURE_CLIENT_ID }} \
          ARM_LOCATION=westus2 \
          go test -run="TestAccBackendGithubOIDCBasic" .

ADO Pipelines

trigger: 
 - none

pool:
   vmImage: 'ubuntu-latest'

resources:
  repositories:
    - repository: terraform
      type: github
      endpoint: magodo-pat-read-public-repo
      name: magodo/terraform
      ref: backend/azure/update_sdk_v0.20250131.1134653

steps: 
- task: GoTool@0
  inputs:
    version: '1.23.3'

- checkout: terraform

- task: AzureCLI@2
  inputs:
    azureSubscription: $(CONNECTION_ID)
    scriptType: bash
    scriptLocation: "inlineScript"
    inlineScript: |
      set -e
      cd internal/backend/remote-state/azure
      go test -run="TestAccBackendADOPipelinesOIDCBasic" .
  env:
    TF_ACC: 1
    TF_RUNNING_IN_ADO_PIPELINES: 1
    ARM_SUBSCRIPTION_ID: $(AZURE_SUBSCRIPTION_ID)
    ARM_TENANT_ID: $(AZURE_TENANT_ID)
    ARM_CLIENT_ID: $(AZURE_CLIENT_ID) 
    ARM_LOCATION: westus2
    ARM_ADO_PIPELINE_SERVICE_CONNECTION_ID: $(CONNECTION_ID)
    SYSTEM_ACCESSTOKEN: $(System.AccessToken)
    SYSTEM_OIDCREQUESTURI: $(System.OidcRequestUri)

[mbfrahry]

Thanks for this PR @magodo. I've left some comments mainly around the naming of the new env variables

[mbfrahry]

LGTM! Thanks for this @magodo

[github-actions]

Changelog Warning

Please move the changelog entry from ./.changes/unreleased to ./.changes/backported for this change. If you believe this change does not need a changelog entry, please add the 'no-changelog-needed' label.

[radeksimko]

As I was recently informed, our policy is actually to not backport backend related changes aside from exceptional circumstances, such as vulnerability mitigation. I don't believe this change can be classified as exceptional circumstances. As a result, it will be part of v1.12 series.