`az ad sp create-for-rbac` should support finer grain of credential expiry time

[jiasli]

Related command
az ad sp create-for-rbac

Is your feature request related to a problem? Please describe.
Currently, only integer --years is supported which is too rough:

> az ad sp create-for-rbac -h
...
Credential Arguments
    --years                             : Number of years for which the credentials will be valid.
                                          Default: 1 year.

The minimum expiry time is 1 year which is against the security best practice of setting expiry time as short as possible.

Caution

If there is a policy in the tenant that forbids expiry time >= 1 year, az ad sp create-for-rbac will fail.

Describe the solution you'd like

1. Support --end-date similar to that from az ad app credential reset and az ad app create.
2. Support --days like Azure Portal:

Describe alternatives you've considered
Drop --year as it encourages imprecise expiry time and it also causes ambiguity in leap years (#28520).

[yonzhan]

It seems that Azure Portal disables the options dynamically based on the policy which is set.

[WillEastbury]

+1 for this.

Years is somewhat coarse grained, especially when policies are set, any applied sensible policy will make this --years flag unusable by throwing a "Credential lifetime exceeds the max value allowed as per assigned policy" error.