Support claimsMatchingExpression for `az ad app federated-credential create`

[glenthomas]

Related command

az ad app federated-credential create

Is your feature request related to a problem? Please describe.

I want to create a federated credential to work with a GitHub merge queue. The subject is not static so I need to use the 'claims matching expression' feature instead.
This appears to not be supported by the Azure CLI. I get this error:

Property 'subject' cannot be empty.

The docs say:

If claimsMatchingExpression is defined, subject must be set to null.

Describe the solution you'd like

I want to be able to create a federated credential that uses claimsMatchingExpression instead of subject.

{
    "name": "MergeQueue",
    "issuer": "https://token.actions.githubusercontent.com",
    "subject": null,
    "claimsMatchingExpression": "claims['sub'] matches 'repo:my-org/my-repo:ref:refs/heads/gh-readonly-queue/main/pr*'",
    "description": "Merge queue",
    "audiences": [
        "api://AzureADTokenExchange"
    ]
}

Describe alternatives you've considered

I can't access Entra in the portal in my organisation, but it would work if I could...

Additional context

[yonzhan]

Thank you for opening this issue, we will look into it.