Issue with special characters in SP credentials in latest version of Az CLI #13625

Closed
AdamSharif-MSFT opened this issue May 22, 2020 · 3 comments
Labels
Graph az ad

AdamSharif-MSFT commented May 22, 2020

Describe the bug

When creating a new SP (or resetting credentials) in Azure CLI, special characters such as !, $, and ' appear, which cause issues with variables/commands in Linux:

Example (obfuscated):

> az ad sp create-for-rbac
Creating a role assignment under the scope of "/subscriptions/**[redacted]**"
  Retrying role assignment creation: 1/36
{
  "appId": "dummy-app-id",
  "displayName": "**[redacted]**",
  "name": "**[redacted]**",
  "password": "**[redacted]**$9=:p;**[redacted]**(<5\\**[redacted]**@<a3r/N!**[redacted]**",
  "tenant": "**[redacted]**"
}

> pass="[redacted]" --> value from above
zsh: event not found: >I

To Reproduce

  1. az ad sp create-for-rbac --skip-assignment (or az ad sp credential reset)
  2. set variable as password value
  3. Try to use variable

Expected behavior

Secret value should contain only characters which are permitted and usable in scripts/variables

Environment summary

> az version
{
  "azure-cli": "2.6.0",
  "azure-cli-command-modules-nspkg": "2.0.3",
  "azure-cli-core": "2.6.0",
  "azure-cli-nspkg": "3.0.4",
  "azure-cli-telemetry": "1.0.4",
  "extensions": {
    "aks-preview": "0.4.44",
    "azure-firewall": "0.3.1"
  }
}

WSL & Bash/Zsh, Ubuntu VM with Bash

Additional context

Testing a previous version of CLI such as 2.4, we see that secrets are generated as GUID format with only - for special characters. Same case for Azure PowerShell module.

@ghost added the needs-triage and question labels May 22, 2020

jiasli commented May 22, 2020

This was introduced in #13357. @qianwens, please help take a look.


jiasli commented May 22, 2020

Special characters like ', ", ! and $ will cause issues in Linux Bash even though the password is quoted.

$ echo "some"password"
> ^C
$ echo 'some'password'
> ^C
$ echo "some!password"
-bash: !password: event not found
$ echo "some$password"
some

! is treated as History Expansion. $ is treated as Parameter Expansion.

Things become worse if the password is not quoted, like | for piping, and > < for stream redirection. Even / is parsed by MinGW as Linux->Windows path translation.

$ az /pass/word --debug
Command arguments: ['C:/Users/xxx/Git/pass/word', '--debug']

We should not use special characters of Bash in the password. Otherwise the customer's script will be broken.

Azure Portal uses -_.~:

However, ~ is not very safe, as it can be parsed as $HOME:

$ echo ~/password
/home/user2/password

Even - may cause a problem when it is at the beginning of a word like --password which will be treated as a parameter.

If we use safe characters -_.~, we need to make sure the first character is a letter or number.
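
The constraint proposed in the comment above, sketched as an added example (not part of the original thread and not Azure CLI's own code): a checker that flags the hazards named in the thread, and a generator limited to letters, digits and -_.~ with an alphanumeric first character, lengthened so the smaller alphabet still yields at least 128 bits. The names `shell_hazards`, `generate_secret` and the 128-bit target are assumptions.

```python
import math
import secrets
import string

# Assumption: alphabet follows the thread's proposal (letters, digits, "-_.~").
ALNUM = string.ascii_letters + string.digits
SAFE_ALPHABET = ALNUM + "-_.~"

# Hazards named in the thread, keyed by character.
HAZARDS = {
    "!": "history expansion",
    "$": "parameter expansion",
    "'": "terminates single quotes",
    '"': "terminates double quotes",
    "|": "pipe when unquoted",
    ">": "redirection when unquoted",
    "<": "redirection when unquoted",
    "/": "MinGW path translation",
}

def shell_hazards(secret):
    """Return sorted (position, char, reason) for each hazard the thread lists."""
    found = [(i, c, HAZARDS[c]) for i, c in enumerate(secret) if c in HAZARDS]
    if secret.startswith("-"):
        found.append((0, "-", "parsed as an option"))
    if secret.startswith("~"):
        found.append((0, "~", "tilde expansion to $HOME"))
    return sorted(found)

def generate_secret(min_bits=128):
    """Generate a secret over SAFE_ALPHABET whose first char is alphanumeric."""
    # Size the length so the restricted alphabet still gives >= min_bits.
    per_char = math.log2(len(SAFE_ALPHABET))
    length = 1 + math.ceil((min_bits - math.log2(len(ALNUM))) / per_char)
    first = secrets.choice(ALNUM)
    rest = "".join(secrets.choice(SAFE_ALPHABET) for _ in range(length - 1))
    return first + rest

if __name__ == "__main__":
    sample = "-pa$s/w!rd"  # constructed sample, not a real credential
    for pos, ch, why in shell_hazards(sample):
        print(f"{pos:2d} {ch!r}: {why}")
    print(generate_secret())
```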

@yonzhan added the Graph az ad label May 22, 2020
@ghost removed the needs-triage label May 22, 2020
@yonzhan added this to the S170 milestone May 22, 2020

yonzhan commented May 22, 2020

add to S170
