We are in a restricted network environment and have to use PrivateEndpoints for all resources; this includes StorageAccounts.
There was a long-standing issue in the Terraform provider which only supported the combination between PrivateEndpoints + StorageAccounts if SAS-Keys are activated and EntraID authentication is not used (see PR hashicorp/terraform-provider-azurerm#27819).
From a security standpoint the recommendation is to disable the Shared Access Keys and use EntraID authentication.
With the Terraform Azurerm Provider Version 3.117.0, supported since provider-upjet-azure v1.10.0, a feature flag `storage_use_azuread = true` can be set to enable private dataplane support (see the azurerm docs).
What could help solve your problem?
I saw in #748 that it is against Crossplane's idea to support the internal knobs of the underlying providers and the resources should add the required configurations.
The idea would be to add an attribute `use_entra_auth: true` to the `Account` resource.
I was looking around in the source code, but was not able to find a place where I am able to configure the provider's features for a resource.
Is this a feature not supported at the moment?
Would be great to have it. Especially speaking for the azurerm Terraform Provider there are some features which would be great to be added to a resource config.
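
An added example, not part of the original issue or of either provider's code: the plain Terraform configuration the issue refers to, with shared keys disabled on the account, public network access off, and the azurerm provider set to use Entra ID for storage data-plane calls. All resource names and variables are placeholders.

```hcl
# Added example; names, variables and values below are placeholders.
variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "subnet_id" { type = string } # subnet that hosts the private endpoint

provider "azurerm" {
  features {}

  # Provider-level argument (set beside, not inside, the features block):
  # authenticate storage data-plane calls with Entra ID instead of shared keys.
  # The identity running Terraform then needs a data-plane role on the account,
  # for example Storage Blob Data Contributor.
  storage_use_azuread = true
}

resource "azurerm_storage_account" "example" {
  name                     = "examplestorageacct" # placeholder, must be globally unique
  resource_group_name      = var.resource_group_name
  location                 = var.location
  account_tier             = "Standard"
  account_replication_type = "LRS"

  # Weak default is true (shared keys and SAS tokens signed with them accepted).
  shared_access_key_enabled = false

  # Reachable only through the private endpoint below.
  public_network_access_enabled = false
}

resource "azurerm_private_endpoint" "blob" {
  name                = "example-blob-pe"
  resource_group_name = var.resource_group_name
  location            = var.location
  subnet_id           = var.subnet_id

  private_service_connection {
    name                           = "example-blob-psc"
    private_connection_resource_id = azurerm_storage_account.example.id
    subresource_names              = ["blob"]
    is_manual_connection           = false
  }
}
```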