Fix MSSQL compatibility with Azure SQL

[g-psantos]

Fixes #10806

Removes a query from the MSSQL plugin that checks that a Server Login exists before attempting to change its password. This behavior is incompatible with SQL Server instances that rely on contained users and that do not allow cross-database queries, as is the case with Azure SQL Databases.

Additionally, some other engines (such as MySQL) do not check that a user exists before attempting to change its password, which suggests that this behavior is not essential.

The deletion of this query does not materially impact the behavior, as attempting to change the password for a nonexistent login (on a regular SQL Server instance) will result in an error message:

# Create a static login, create a static role, then delete the static login before running this command to replicate
$ vault write -force database/rotate-role/test-static
Error writing data to database/rotate-role/test-static: Error making API request.

URL: PUT http://localhost:8200/v1/database/rotate-role/test-static
Code: 500. Errors:

* 1 error occurred:
	* error setting credentials: unable to update user: rpc error: code = Internal desc = unable to update user: failed to execute query: mssql: Cannot alter the login 'staticuser', because it does not exist or you do not have permission.

If the Vault user is a contained user, then the "root rotation statements" parameter can be modified to alter the password of a user rather than a login:

ALTER USER vault WITH PASSWORD = 'securePassword123!';

[hashicorp-cla]

All committers have signed the CLA.

[g-psantos]

@austingebauer Any chance you could get this reviewed/merged?

(We're still on v1.4.7, which has a couple of vulnerabilities, because later versions can't currently handle rotation of MSSQL contained users' credentials. It corrects a change introduced with #9062)

[austingebauer]

Hi, @g-psantos. Thanks for making me aware of this issue and opening a PR. I will be having a look at this.

[vinay-gopalan]

Hi @g-psantos, Thanks for opening the issue and the PR! A PR to include support for contained DBs in root rotation and lease revocation was recently put up here: #12839

This PR includes support for contained DBs in the MSSQL plugin, and based on a contained_db boolean field that lets Vault know that the connection being configured is a contained DB, the root rotation and secret revocation flow has been refactored. I'm closing this PR since the changes here are already incorporated. Please feel free to re-open an issue if problems persist even after the fix is merged. Thanks once again!