docs changes for nginxaas github action improvements

nginxaas github action now supports specifying
protected files. The action also needs the
Contributor role on a lower scope than perviously
needed.

Author: kuthiala

content/nginxaas-azure/changelog.md

@@ -14,6 +14,25 @@ To see a list of currently active issues, visit the [Known issues]({{< ref "/ngi
 To review older entries, visit the [Changelog archive]({{< ref "/nginxaas-azure/changelog-archive" >}}) section.
 
 
+## Aug 18, 2025
+
+- {{% icon-feature %}} **Updates to NGINXaaS for Azure GitHub Action**
+
+  - Users can now specify files in their config directory to be marked as protected using a new optional Action input called `protected-files`. This new input accepts comma-separated list of file paths relative to the nginx config directory that should be marked as protected. For more information, please visit [NGINXaaS for Azure Deployment Action](https://github.com/marketplace/actions/nginx-configuration-sync) on GitHub actions marketplace. Example:
+      ```yaml
+         - name: Sync NGINX Config to Azure
+         uses: nginxinc/[email protected]
+         with:
+            nginx-config-directory-path: configs/
+            nginx-root-config-file: nginx.conf
+            transformed-nginx-config-directory-path: /etc/nginx/
+            protected-files: protected-1.conf,protected-2.conf
+      ```
+
+
+  - The service principal used for Azure login before invoking the NGINXaaS for Azure Deployment Action now needs Contributor role only on the NGINXaaS for Azure deployment scope and not on the resource group containing the NGINXaaS deployment. This allows for a better security posture.
+
+
 ## May 22, 2025
 
 - {{% icon-feature %}} **NGINXaaS for Azure now supports IPv6**