We should automate ACLs based on Instance Profiles / Service Principals and other legacy security mechanisms.

See the data collected in:

• Added baseline for getting Azure Resource Role Assignments #764

Expected flow:

1. check all service principals in azure_storage_account_info.csv
2. check all storage credentials
3. see which service principals have matching storage credentials
4. report what credentials are missing
5. prompt-confirm creation of storage credential from service principal
6. give user three options: terraform config, invoke AWS CLI, pick an existing role, create via API

Related issues:

• Create EXTERNAL LOCATIONs to map to External Tables (Azure) #100
• [FEATURE]: Migrate AWS IAM Instance Profiles to UC Storage Credentials #862