az ad app credential reset/az ad sp create-for-rbac: --years adds 366 days in leap years #28520

@jiasli

Related command
az ad app credential reset
az ad sp create-for-rbac

Is your feature request related to a problem? Please describe.
Currently, --years is added directly to the current year to compute the credential end date:

```python
app_start_date = datetime.datetime.now(datetime.timezone.utc)
app_end_date = app_start_date + relativedelta(years=years or 1)
```

If the time range contains a leap year, 366 days will be added.

```python
from dateutil.relativedelta import relativedelta
from datetime import datetime

print(datetime(2023, 1, 1) + relativedelta(years=1) - datetime(2023, 1, 1))
# output: 365 days, 0:00:00
print(datetime(2024, 1, 1) + relativedelta(years=1) - datetime(2024, 1, 1))
# output: 366 days, 0:00:00
```

Caution

If there is a policy in the tenant that forbids expiry time longer than 365 days, the 366 day expiry time will cause commands to fail.

Luckily, now is already past 2024-02-29, so the next time it will happen is 2028.

Describe the solution you'd like
Use datetime.timedelta instead of dateutil.relativedelta.relativedelta to add exactly 365 days per year, regardless of leap years, in order to make the computed end date definitive.

Azure Portal uses exactly 365 days:

[image]
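An added example, not part of the original issue or of Azure CLI's code: it compares calendar-year arithmetic with the proposed fixed 365 days per year and scans a date range for credential start dates whose one-year lifetime would exceed a 365-day policy. The function names, the `MAX_LIFETIME` constant and the scanned range are assumptions, and `end_calendar` is a standard-library stand-in for `relativedelta(years=...)`.

```python
from datetime import datetime, timedelta, timezone

# Assumed tenant policy for this example: credential lifetime may not exceed 365 days.
MAX_LIFETIME = timedelta(days=365)


def end_calendar(start, years=1):
    """Stdlib stand-in for `start + relativedelta(years=years)`:
    same month and day in the target year, with Feb 29 clamped to Feb 28."""
    try:
        return start.replace(year=start.year + years)
    except ValueError:  # start is Feb 29 and the target year is not a leap year
        return start.replace(year=start.year + years, day=28)


def end_fixed(start, years=1):
    """Proposed behaviour: exactly 365 days per requested year."""
    return start + timedelta(days=365 * years)


def exceeds_policy(start, end_fn, max_lifetime=MAX_LIFETIME):
    """True if a one-year credential created at `start` outlives the policy limit."""
    return end_fn(start) - start > max_lifetime


def affected_start_dates(first, last, end_fn):
    """Return (earliest, latest) start dates in [first, last] that exceed the policy, or None."""
    hits = []
    day = first
    while day <= last:
        if exceeds_policy(day, end_fn):
            hits.append(day)
        day += timedelta(days=1)
    return (hits[0].date(), hits[-1].date()) if hits else None


if __name__ == "__main__":
    utc = timezone.utc
    # Constructed scan range around the next leap day.
    first, last = datetime(2027, 1, 1, tzinfo=utc), datetime(2028, 12, 31, tzinfo=utc)
    print("calendar years:", affected_start_dates(first, last, end_calendar))
    print("fixed 365 days:", affected_start_dates(first, last, end_fixed))
```

A one-year credential exceeds the limit whenever its lifetime spans a February 29, so the affected start dates form a window that ends the day before the leap day.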
