[Feature Request] az role assignment list/delete: Make --scope a required argument #30471

@jiasli

Description

#27651 made --scope a required argument for az role assignment create.

I propose making --scope a required argument for az role assignment list/delete too, as explained below:

az role assignment list

Even though the output of this command contains no secret, it contains PII - the email address of the assignee:

  {
    "id": "/subscriptions/xxx/providers/Microsoft.Authorization/roleAssignments/xxx",
    "principalId": "xxx",
    "principalName": "xxx#EXT#@xxx.onmicrosoft.com",
    "principalType": "User",
    ...
  }

Without specifying --scope, this command lists all role assignments under the current subscription. The PII can be saved into build logs, such as GitHub Actions logs. Therefore, we should ask the user to explicitly specify the scope under which role assignments should be listed to avoid showing PII as much as possible.

az role assignment delete

#13577 made a very nice metaphor: this command is an insane footgun. Without specifying --scope, it deletes all role assignments under the current subscription. We should ask the user to explicitly specify the scope under which role assignments should be deleted to avoid unexpectedly nuking the whole subscription.

Making --scope a required argument aligns all create, list and delete commands to have a consistent interface.
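The following is an added example, not code from the issue author or the Azure CLI project. It shows what a CI job can do today, before the CLI enforces the argument: a POSIX shell wrapper that refuses to build an `az role assignment list` or `delete` command line unless an explicit, non-empty `--scope` is present, projects the `list` output with a JMESPath `--query` so `principalName` (the assignee's email address) never reaches the build log, and a `sed` filter for redacting `principalName` from output that was already captured. The extra fields in the projection (`roleDefinitionName`, `scope`) are assumed to be present in the real `az role assignment list` output; the sample JSON in the block is constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the issue or the Azure CLI project): enforce --scope
# for `az role assignment list/delete` in a wrapper and keep principalName PII
# out of build logs.

# has_scope ARGS... -> exit 0 if a non-empty --scope (or --scope=VALUE) is
# present anywhere in ARGS, else exit 1.
has_scope() {
  while [ $# -gt 0 ]; do
    case "$1" in
      --scope)   [ -n "${2:-}" ] && return 0 || return 1 ;;
      --scope=*) [ -n "${1#--scope=}" ] && return 0 || return 1 ;;
    esac
    shift
  done
  return 1
}

# build_role_assignment_cmd SUBCOMMAND ARGS... -> prints the az command line
# that should be run, or prints nothing and exits 1 when --scope is missing,
# because without it both subcommands act on the whole current subscription.
# For `list`, a JMESPath projection (assumed field names: roleDefinitionName
# and scope are part of the real output, the rest appear in the issue) drops
# principalName so the assignee's email address is never emitted.
build_role_assignment_cmd() {
  sub="$1"; shift
  case "$sub" in
    list|delete) ;;
    *) echo "unsupported subcommand: $sub" >&2; return 2 ;;
  esac
  if ! has_scope "$@"; then
    echo "refusing: az role assignment $sub without --scope acts on the whole subscription" >&2
    return 1
  fi
  cmd="az role assignment $sub"
  for a in "$@"; do cmd="$cmd $a"; done   # arguments are assumed to be free of whitespace
  if [ "$sub" = list ]; then
    cmd="$cmd --query '[].{id:id,principalId:principalId,principalType:principalType,roleDefinitionName:roleDefinitionName,scope:scope}'"
  fi
  printf '%s\n' "$cmd"
}

# redact_principal_name: stdin -> stdout, masking the principalName value in
# JSON that was already captured by an unprojected `az role assignment list`.
redact_principal_name() {
  sed -E 's/("principalName": *)"[^"]*"/\1"[redacted]"/'
}

# Constructed sample of one assignment, in the shape shown in the issue.
SAMPLE_ASSIGNMENT='{
  "id": "/subscriptions/0000/providers/Microsoft.Authorization/roleAssignments/0000",
  "principalId": "0000",
  "principalName": "someone_example.com#EXT#@contoso.onmicrosoft.com",
  "principalType": "User"
}'

# demo: show the refusal, a scoped command line, and the redaction filter.
demo() {
  build_role_assignment_cmd delete --assignee someone@example.com || true
  build_role_assignment_cmd list --scope /subscriptions/0000/resourceGroups/rg
  printf '%s\n' "$SAMPLE_ASSIGNMENT" | redact_principal_name
}
```

Source the file and call `demo`, or run the printed command with `eval "$(build_role_assignment_cmd list --scope ...)"`. The wrapper never executes `az` itself, so it can be dropped into a pipeline step that lacks the CLI, and the refusal path returns non-zero so a CI job fails closed instead of deleting every assignment in the subscription.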

Metadata

Labels: Auto-Assign (auto assign by bot); Azure CLI Team (the command of the issue is owned by Azure CLI team); RBAC; az role; question (the issue doesn't require a change to the product in order to be resolved; most issues start as that)
