docs(SNFR20): update Terraform access to Entra access package

[jaredfholgate]

Summary

The Terraform section of SNFR20 was out of date. It described the old access model — a single avm-module-owners-terraform GitHub team managed via the legacy Core Identity entitlement (Azure Verified Module Owners Terraform).

Terraform module owner access is now governed centrally through Microsoft Entra via an access package, as already documented in the Terraform contribution guides. This PR aligns SNFR20 with that model.

Changes

• Replaced the Core Identity / single-GitHub-team wording with the current Azure Verified Modules (AVM) Module Contributors Entra access package (https://aka.ms/avm/id/access-package/module-contributor).
• Clarified that approval adds you to the azure-verified-modules-module-contributors Entra group (source of truth), with day-to-day repository access granted via that group + just-in-time (JIT) elevation.
• Added links to the Terraform Prerequisites and Repository Setup pages for the full onboarding process.
• Explicitly noted the legacy Core Identity entitlement / per-module team is no longer used.

Scan for other out-of-date instructions

As requested, I scanned the whole repo (all file types) for related stale references:

• Core Identity, entitlement, avm-module-owners-terraform, Azure Verified Module Owners Terraform → only present in SNFR20.md (now fixed).
• prerequisites.md and repository-setup.md already use the access-package model — consistent, no changes needed.
• Other Terraform team references (avm-core-team-technical-terraform, terraform-avm in SNFR3/SNFR9/team-definitions) are core-team/PG reviewer teams and remain valid — left untouched.

File changed

• docs/content/specs-defs/includes/shared/shared/non-functional/SNFR20.md

[microsoft-github-policy-service]

Important

The "Needs: Triage 🔍" label must be removed once the triage process is complete!

Tip

For additional guidance on how to triage this issue/PR, see the AVM Issue Triage documentation.