devops: migrate to OIDC for Docker publishing (#2914)

Author: mxschmitt

.github/workflows/publish_docker.yml

@@ -16,20 +16,27 @@ jobs:
     name: "publish to DockerHub"
     runs-on: ubuntu-22.04
     if: github.repository == 'microsoft/playwright-dotnet'
+    permissions:
+      id-token: write   # This is required for OIDC login (azure/login) to succeed
+      contents: read    # This is required for actions/checkout to succeed
+    environment: Docker
     steps:
     - uses: actions/checkout@v4
+    - name: Azure login
+      uses: azure/login@v2
+      with:
+        client-id: ${{ secrets.AZURE_DOCKER_CLIENT_ID }}
+        tenant-id: ${{ secrets.AZURE_DOCKER_TENANT_ID }}
+        subscription-id: ${{ secrets.AZURE_DOCKER_SUBSCRIPTION_ID }}
+    - name: Login to ACR via OIDC
+      run: az acr login --name playwright
     - name: Setup .NET Core
       uses: actions/setup-dotnet@v3
       with:
         dotnet-version: 8.0.x
     - name: Install prerequisites and download drivers
       shell: bash
       run: ./build.sh --download-driver
-    - uses: azure/docker-login@v1
-      with:
-        login-server: playwright.azurecr.io
-        username: playwright
-        password: ${{ secrets.DOCKER_PASSWORD }}
     - name: Set up Docker QEMU for arm64 docker builds
       uses: docker/setup-qemu-action@v3
       with: