App Roles for the App Registration should be documented

[ryanspletzer]

I had to dig through the python deployment script in order to understand the app roles that needed to be configured on the app registration.

onefuzz/src/deployment/deploy.py

Lines 272 to 289 in 54d49a9

	app_roles = [
	AppRole(
	allowed_member_types=["Application"],
	display_name=OnefuzzAppRole.CliClient.value,
	id=str(uuid.uuid4()),
	is_enabled=True,
	description="Allows access from the CLI.",
	value=OnefuzzAppRole.CliClient.value,
	),
	AppRole(
	allowed_member_types=["Application"],
	display_name=OnefuzzAppRole.ManagedNode.value,
	id=str(uuid.uuid4()),
	is_enabled=True,
	description="Allow access from a lab machine.",
	value=OnefuzzAppRole.ManagedNode.value,
	),
	]

Provide a description of requested docs changes

This should more clearly be delineated in markdown documentation in the event that someone is trying to create the app registration by hand. In most secure enterprises, people do not have standing access to create apps / service principals in Azure AD and there is typically a process for getting one created. In this event, in would be helpful to have this documented to save people time from trying to discern all the things the python deployment script is doing.

@shambho
The deployment script is the only supported way to register the application. We do not support the manual creation.
You are welcome to translate the deployment code to manual steps or wait for the audit of the deployment script.

Originally posted by @chkeita in #813 (comment)

A few lines of documentation on how to set up the app registration is a reasonable ask here.

[chkeita]

That is good suggestion. We will add description of the azure entities created by the deployment script in the docs.

[chkeita]

docs updated

[ryanspletzer]

@chkeita thank you so much!