az cli resource tagging should require less permissions #28742

@kfirg-cetu

Description

Related command

    az resource tag \
        --ids /subscriptions/**/resourceGroups/**/providers/Microsoft.Compute/virtualMachines/** \
        --tags test=will-it-work

Is your feature request related to a problem? Please describe.
Require the ability to set the tags of a given VM without permissions to change other attributes of the VM, e.g. block devices.

Describe the solution you'd like
The az resource tag command should work with the minimal set of permissions, using only "Microsoft.Resources/tags/*" permissions.

Describe alternatives you've considered

  • Providing additional permissions, e.g. Virtual Machine Contributor
  • Applying the configuration without az cli (e.g. using the SDK directly)

Additional context
Errors from trying to set tags with different permissions:

Trying to use Microsoft.Compute/disks/write:

Message: The client '**' with object id '**' has permission to perform action 'Microsoft.Compute/virtualMachines/write' on scope '/subscriptions/**/resourceGroups/**/providers/Microsoft.Compute/virtualMachines/**'; however, it does not have permission to perform action(s) 'Microsoft.Compute/disks/write' on the linked scope(s) '/subscriptions/**/resourceGroups/**/providers/Microsoft.Compute/disks/cetu-installer-kfirg-cetu-**' (respectively) or the linked scope(s) are invalid.

Trying to use Microsoft.Network/networkInterfaces/join/action, which is not related:

Message: The client '**' with object id '**' has permission to perform action 'Microsoft.Compute/virtualMachines/write' on scope '/subscriptions/*/resourceGroups/**/providers/Microsoft.Compute/virtualMachines/**'; however, it does not have permission to perform action(s) 'Microsoft.Network/networkInterfaces/join/action' on the linked scope(s) '/subscriptions/**/resourceGroups/**/providers/Microsoft.Network/networkInterfaces/***' (respectively) or the linked scope(s) are invalid.

And the list of unrelated permissions goes on.
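The error messages above show why the extra permissions are demanded: az resource tag writes the VM resource itself (Microsoft.Compute/virtualMachines/write), and ARM then evaluates the linked-scope actions for the VM's disks and NICs. Tags can instead be written through the Microsoft.Resources/tags provider, which is governed by Microsoft.Resources/tags/write alone (the built-in Tag Contributor role carries Microsoft.Resources/tags/*). The script below is an added example, not code from the issue author or the Azure CLI project: it defines a custom role holding only the two tag actions, assigns it at the scope of one VM, and merges the tag with az tag update rather than az resource tag. The role name, subscription/VM/principal IDs and the /tmp path are placeholders; DRY_RUN=1 (the default) prints the az commands instead of executing them, so the script runs without an Azure login.

```shell
#!/bin/sh
# Added example; not code from the issue author or the Azure CLI project.
# Tags a VM from a principal that holds ONLY tag permissions, by going through the
# Microsoft.Resources/tags provider (az tag update) instead of az resource tag,
# which rewrites the VM resource itself. ROLE_NAME, the IDs below and the
# /tmp path are placeholders chosen for this example.
set -eu

ROLE_NAME="${ROLE_NAME:-Resource Tag Writer (custom)}"
SUBSCRIPTION_ID="${SUBSCRIPTION_ID:-00000000-0000-0000-0000-000000000000}"
RESOURCE_GROUP="${RESOURCE_GROUP:-rg-example}"
VM_ID="/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP/providers/Microsoft.Compute/virtualMachines/vm-example"
PRINCIPAL_ID="${PRINCIPAL_ID:-11111111-1111-1111-1111-111111111111}"   # object id of the tagging SP
DRY_RUN="${DRY_RUN:-1}"            # 1 = print the az commands instead of executing them
ROLE_FILE="${ROLE_FILE:-/tmp/tag-role.json}"

# Custom role definition granting only the tags provider actions. Because no
# Microsoft.Compute/* action is present, ARM never evaluates the linked-scope
# checks (disks/write, networkInterfaces/join/action) seen with az resource tag.
tag_role_json() {
    cat <<EOF
{
  "Name": "$ROLE_NAME",
  "IsCustom": true,
  "Description": "Read and write tags on resources in scope, nothing else",
  "Actions": [
    "Microsoft.Resources/tags/read",
    "Microsoft.Resources/tags/write"
  ],
  "NotActions": [],
  "DataActions": [],
  "NotDataActions": [],
  "AssignableScopes": [ "/subscriptions/$SUBSCRIPTION_ID" ]
}
EOF
}

# Number of resource-provider actions the role grants (read + write = 2).
role_action_count() {
    tag_role_json | grep -c '"Microsoft\.'
}

# Execute an az command, or echo it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Create the role, assign it at VM scope only, then merge the tag via the
# tags-at-scope API. az tag update PATCHes
# {scope}/providers/Microsoft.Resources/tags/default, which is governed by
# Microsoft.Resources/tags/write rather than Microsoft.Compute/virtualMachines/write.
tag_vm_with_minimal_role() {
    tag_role_json > "$ROLE_FILE"
    run az role definition create --role-definition "@$ROLE_FILE"
    run az role assignment create \
        --assignee-object-id "$PRINCIPAL_ID" \
        --assignee-principal-type ServicePrincipal \
        --role "$ROLE_NAME" \
        --scope "$VM_ID"
    run az tag update --resource-id "$VM_ID" --operation Merge --tags test=will-it-work
}

tag_vm_with_minimal_role
```

Run it as the subscription owner with DRY_RUN=0 to create and assign the role, then run the final az tag update line as the tagging principal. A freshly created custom role can take a few minutes to become visible for assignment, and the assignment itself can take a short while to propagate before the tag write succeeds; if a ready-made role is acceptable, assigning the built-in Tag Contributor role at the VM scope gives the same tag-only access.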

Labels

  • ARM (az resource/group/lock/tag/deployment/policy/managementapp/account management-group)
  • Auto-Assign (auto assign by bot)
  • Azure CLI Team (the command of the issue is owned by the Azure CLI team)
  • act-identity-squad
  • customer-reported (issues that are reported by GitHub users external to the Azure organization)
  • feature-request