Add verification workflow for Repo Radius

[sk593]

Description

Lands the Repo Radius verify credential-verification GitHub Actions workflow in this repository, plus a README.md documenting it.

The workflow contract is owned by Radius and consumed by the multi-cluster v1 work (#12106), so it needs a canonical, reviewed home here that any frontend (the Copilot app, the CLI, etc.) can drive.

This PR adds the verify workflow only. The companion deploy workflow and the RADIUS_TARGET_KUBECONFIG / KUBE_CONFIG_PATH integration contract will follow in a later PR.

What's added:

radius-verify-credentials.yml — a workflow_dispatch workflow that, per provider:
Authenticates to Azure/AWS via GitHub OIDC (no long-lived cloud secrets stored).
Verifies access (az account show / aws sts get-caller-identity, with the AWS account ID masked in logs).
Discovers resources (resource groups, AKS/EKS clusters, VPCs, subnets, locations) and uploads them as the radius-discovery artifact for the caller to read back.
Branches by provider so the same file serves Azure-only and AWS-only environments; steps are skipped when a provider's variables are empty.
README.md — documents the workflow's purpose, trigger, inputs, permissions, required GitHub Environment variables, and the cloud-side OIDC trust prerequisites.

Type of change

• This pull request adds or changes features of Radius and has an approved issue Support listSecrets custom action #1121

Fixes: #issue_number

Contributor checklist

Please verify that the PR meets the following requirements, where applicable:

• An overview of proposed schema changes is included in a linked GitHub issue.
  • Yes
  • Not applicable
• A design document is added or updated under eng/design-notes/ in this repository, if new APIs are being introduced.
  • Yes
  • Not applicable
• The design document has been reviewed and approved by Radius maintainers/approvers.
  • Yes
  • Not applicable
• A PR for resource-types-contrib is created, if resource types or recipes are affected by the changes in this PR.
  • Yes
  • Not applicable
• A PR for dashboard is created, if the Radius Dashboard is affected by the changes in this PR.
  • Yes
  • Not applicable
• A PR for the documentation repository is created, if the changes in this PR affect the documentation or any user facing updates are made.
  • Yes
  • Not applicable

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

[radius-functional-tests]

Radius functional test overview

🔍 Go to test action run

Click here to see the test run details

Name	Value
Repository	radius-project/radius
Commit ref	209f96d
Unique ID	funcc8b58315fd
Image tag	pr-funcc8b58315fd

• gotestsum 1.13.0
• KinD: v0.29.0
• Dapr: 1.14.4
• Azure KeyVault CSI driver: 1.4.2
• Azure Workload identity webhook: 1.3.0
• Bicep recipe location ghcr.io/radius-project/dev/test/testrecipes/test-bicep-recipes/<name>:pr-funcc8b58315fd
• Terraform recipe location http://tf-module-server.radius-test-tf-module-server.svc.cluster.local/<name>.zip (in cluster)
• applications-rp test image location: ghcr.io/radius-project/dev/applications-rp:pr-funcc8b58315fd
• dynamic-rp test image location: ghcr.io/radius-project/dev/dynamic-rp:pr-funcc8b58315fd
• controller test image location: ghcr.io/radius-project/dev/controller:pr-funcc8b58315fd
• ucp test image location: ghcr.io/radius-project/dev/ucpd:pr-funcc8b58315fd
• deployment-engine test image location: ghcr.io/radius-project/deployment-engine:latest

Test Status

⌛ Building Radius and pushing container images for functional tests...
✅ Container images build succeeded
⌛ Publishing Bicep Recipes for functional tests...
✅ Container images build succeeded
✅ Recipe publishing succeeded
⌛ Starting corerp-cloud functional tests...
⌛ Starting ucp-cloud functional tests...
✅ Recipe publishing succeeded
⌛ Starting corerp-cloud functional tests...
⌛ Starting ucp-cloud functional tests...
✅ ucp-cloud functional tests succeeded
✅ ucp-cloud functional tests succeeded
✅ corerp-cloud functional tests succeeded
✅ corerp-cloud functional tests succeeded

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 52.32%. Comparing base (7b73871) to head (209f96d).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #12170      +/-   ##
==========================================
- Coverage   52.33%   52.32%   -0.02%     
==========================================
  Files         738      738              
  Lines       47324    47324              
==========================================
- Hits        24766    24760       -6     
- Misses      20192    20195       +3     
- Partials     2366     2369       +3     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

Unit Tests

    2 files  ±0    439 suites  ±0   7m 30s ⏱️ ±0s
5 385 tests ±0  5 383 ✅ ±0  2 💤 ±0  0 ❌ ±0 
6 565 runs  ±0  6 563 ✅ ±0  2 💤 ±0  0 ❌ ±0 

Results for commit 209f96d. ± Comparison against base commit 7b73871.