Fix Azure Health Data Services deployment failure

[marrobi]

What is being addressed

Fix Azure Health Data Services deployment failures due to outdated AzureRM provider and missing role assignments for workspace groups.

How is this addressed

• Upgraded AzureRM provider to version 4.58.0 to resolve deployment issues.
• Implemented role assignments for workspace owners and researchers groups to ensure proper access control.
• Updated the service version to 0.3.4 and added necessary parameters for group IDs.
• CHANGELOG.md will be updated accordingly.

[github-actions]

Unit Test Results

0 tests   0 ✅  0s ⏱️
0 suites  0 💤
0 files    0 ❌

Results for commit 573e289.

♻️ This comment has been updated with latest results.

[Copilot]

Pull request overview

This PR updates the Azure Health Data Services workspace service to use a newer AzureRM provider and switch from app-role based assignments to RBAC assignments for workspace owner/researcher groups, aligning it with other workspace services and fixing deployment failures.

Changes:

• Bumped the AzureRM provider for the health-services Terraform module to 4.58.0 and updated the lock file accordingly.
• Replaced app-role–based role assignments with direct RBAC assignments to workspace owners and researchers AAD groups, wiring new group ID parameters through template_schema.json, porter.yaml, and Terraform variables.
• Updated the workspace service bundle version to 0.3.4 and added a corresponding BUG FIX entry in CHANGELOG.md.

Reviewed changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
templates/workspace_services/health-services/terraform/variables.tf	Introduces workspace_owners_group_id and workspace_researchers_group_id Terraform variables with non-empty validation for use in RBAC role assignments.
templates/workspace_services/health-services/terraform/roles.tf	Removes external/script-based app role member resolution and adds direct role assignments for FHIR and DICOM services to workspace owner and researcher groups using built-in Azure roles.
templates/workspace_services/health-services/terraform/providers.tf	Updates the azurerm provider constraint to 4.58.0 (note: external provider is still declared even though it’s no longer used in this module).
templates/workspace_services/health-services/terraform/.terraform.lock.hcl	Refreshes the lockfile to pin hashicorp/azurerm at 4.58.0 with updated hashes while retaining the external provider lock.
templates/workspace_services/health-services/template_schema.json	Adds hidden properties and pipeline mappings for workspace_owners_group_id and workspace_researchers_group_id to flow group IDs from the parent workspace into the service deployment.
templates/workspace_services/health-services/porter.yaml	Bumps bundle version to 0.3.4, drops obsolete AAD auth credentials, and threads the new workspace group ID parameters into install/upgrade/uninstall Terraform invocations.
CHANGELOG.md	Adds a BUG FIX entry documenting the Azure Health Data Services deployment fix via provider upgrade and RBAC group assignments.

Files not reviewed (1)

• templates/workspace_services/health-services/terraform/.terraform.lock.hcl: Language not supported

Comments suppressed due to low confidence (1)

templates/workspace_services/health-services/terraform/providers.tf:11

• The external provider is still declared here, but there are no remaining data "external" or other uses of this provider in the health-services Terraform module (e.g. roles.tf no longer references it). To simplify the module and avoid downloading an unused provider, consider removing the external entry from required_providers (and updating .terraform.lock.hcl accordingly).

    external = {
      source  = "hashicorp/external"
      version = "= 2.3.5"
    }