az-hop
Deployer VM RBAC roles requirements for correct bicep build
When building the Az-HOP infrastructure using bicep from a deployer VM with system managed identities, to successfully complete the build a subscription contributor role is required.
If I run the build.sh script with the roles described in the documentation with contributor role restricted to the resource group, the deployment fails with the following error:
{"code": "AuthorizationFailed", "message": "The client 'c2e131eb-4338-40b6-ad04-894582f10917' with object id 'c2e131eb-4338-40b6-ad04-894582f10917' does not have authorization to perform action 'Microsoft.Resources/deployments/validate/action' over scope '/subscriptions/f5a67d06-2d09-4090-91cc-e3298907a021' or the scope is invalid. If access was recently granted, please refresh your credentials."}
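
Added example (not part of the issue and not az-hop project code): a small check of why a role assigned at resource-group scope does not satisfy the request in the error above. Azure role assignments apply to their scope and everything beneath it, while the denied action targets the subscription itself. The resource group name, the assignment names and the simplified action lists are assumptions made for illustration.

```python
import fnmatch
import json
import re

# Error body as reported in the issue above (final sentence trimmed).
ERROR = ('{"code": "AuthorizationFailed", "message": "The client '
         "'c2e131eb-4338-40b6-ad04-894582f10917' with object id "
         "'c2e131eb-4338-40b6-ad04-894582f10917' does not have authorization to "
         "perform action 'Microsoft.Resources/deployments/validate/action' over scope "
         "'/subscriptions/f5a67d06-2d09-4090-91cc-e3298907a021' or the scope is invalid."
         '"}')

SUB = "/subscriptions/f5a67d06-2d09-4090-91cc-e3298907a021"
# Constructed assignments; "example-rg" is a placeholder and the action lists
# are simplified (real role definitions also carry NotActions).
ASSIGNMENTS = [
    {"name": "contributor-on-rg", "scope": SUB + "/resourceGroups/example-rg",
     "actions": ["*"]},
    {"name": "contributor-on-subscription", "scope": SUB, "actions": ["*"]},
    # Covers this one denied action only; the page does not say what else the build needs.
    {"name": "deployments-only-on-subscription", "scope": SUB,
     "actions": ["Microsoft.Resources/deployments/*"]},
]

def parse_authorization_failed(raw):
    """Extract principal, action and scope from an AuthorizationFailed body."""
    body = json.loads(raw)
    if body.get("code") != "AuthorizationFailed":
        raise ValueError("not an AuthorizationFailed error")
    m = re.search(r"client '([^']+)'.*?action '([^']+)' over scope '([^']+)'",
                  body["message"])
    if not m:
        raise ValueError("unrecognised message format")
    return {"principal": m.group(1), "action": m.group(2), "scope": m.group(3)}

def scope_covers(assigned, requested):
    """True if the assignment scope is the requested scope or an ancestor of it."""
    a = assigned.strip("/").lower().split("/")
    r = requested.strip("/").lower().split("/")
    return r[:len(a)] == a

def action_allowed(patterns, action):
    """Wildcard match of an action against a role's action patterns."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def covering_assignments(denied, assignments):
    """Names of the assignments that would authorise the denied request."""
    return [a["name"] for a in assignments
            if scope_covers(a["scope"], denied["scope"])
            and action_allowed(a["actions"], denied["action"])]

if __name__ == "__main__":
    denied = parse_authorization_failed(ERROR)
    print(denied["action"], "at", denied["scope"])
    print("covered by:", covering_assignments(denied, ASSIGNMENTS))
```

The resource-group assignment is filtered out because its scope is a child of the requested scope, not an ancestor of it.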