Add MI support for build script

[hippogr]

This PR implements the following features:

1. Use managed identity to login to the docker registry besides of user-password login. If user and password are not set in config, the pai build script will try to use current user's credential to login to docker registry. If managed identity is set in config file, this managed identity will be used to login to docker registry.
2. Remove docker registry login when image building when running "pai_build.py build". The script will try to login to the docker registry only when push operation is called.

[Copilot]

Pull request overview

This PR extends the pai_build.py build/push tooling to support authenticating to container registries via Azure Managed Identity (MI) in addition to username/password, and changes the flow so registry login happens only when pushing images (not during image build).

Changes:

• Add managed-identity-id support in config parsing and CLI flags.
• Update DockerClient to support MI-based Azure CLI + ACR login when username/password aren’t provided.
• Move docker registry login to push_center() so build no longer triggers login.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File	Description
build/pai_build.py	Adds CLI flags for MI and updates config override logic.
build/model/config_model.py	Parses managed-identity-id from build configuration YAML into dockerRegistryInfo.
build/core/build_utility.py	Extends DockerClient to support MI/Azure CLI login and removes automatic login during initialization.
build/core/build_center.py	Passes managedIdentityId into DockerClient and performs login only before pushing.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.