Description
Bicep version
0.38.33
Describe the bug
When using `onlyIfNotExists()` with roleAssignments, the expected behavior is that the deployment should succeed when the roleAssignment resource already exists and no write action would be necessary.

'User Access Administrator' or 'Owner' etc. should only be required when a write action occurs.
To Reproduce
```bicep
// Declarations assumed so the snippet compiles stand-alone (not in the original report)
param acrName string
param identityName string
param readerRoleDefinitionId string = 'acdd72a7-3385-48ef-bd42-f606fba81ae7' // built-in Reader role
resource acr 'Microsoft.ContainerRegistry/registries@2023-07-01' existing = { name: acrName }
resource identity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = { name: identityName }

@onlyIfNotExists()
resource acrReader 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(acr.id, identity.id, readerRoleDefinitionId)
  scope: acr
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', readerRoleDefinitionId)
    principalId: identity.properties.principalId
    principalType: 'ServicePrincipal'
  }
}
```
Deploying this as a user without rights to write role assignments fails with:

```text
Authorization failed for template resource '<guid>' of type 'Microsoft.Authorization/roleAssignments'. The client '<user>' with object id '<guid>' does not have permission to perform action 'Microsoft.Authorization/roleAssignments/write' at scope '<roleAssignmentExtensionResource>'
```
Additional context
This would greatly simplify CI/CD in an environment where additional approvals are needed to gain User Access Administrator, by skipping the creation of role assignments which already exist.
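As an added example (not part of the issue and not Bicep project code), the workaround a pipeline can use today for the CI/CD case described above: gate the role assignment on a boolean parameter that the pipeline sets after checking whether the assignment already exists. The parameter name `createRoleAssignment`, the parameters `acrName` and `identityName`, and the `existing` resource declarations are assumptions added for illustration.

```bicep
// Added example, not from the issue report.
// The pipeline checks for an existing assignment before deploying, for example:
//   az role assignment list --assignee <principalId> --role Reader --scope <acrResourceId> --query "length(@)"
// and passes --parameters createRoleAssignment=false when the count is non-zero.
// acrName, identityName and createRoleAssignment are assumed names.
param acrName string
param identityName string
param createRoleAssignment bool = true
param readerRoleDefinitionId string = 'acdd72a7-3385-48ef-bd42-f606fba81ae7' // built-in Reader role

resource acr 'Microsoft.ContainerRegistry/registries@2023-07-01' existing = {
  name: acrName
}

resource identity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = {
  name: identityName
}

// With createRoleAssignment=false the condition is false and the role assignment
// is not deployed, so the run does not perform 'Microsoft.Authorization/roleAssignments/write'.
// Whether the deployment-time authorization check is also skipped for a condition=false
// resource should be confirmed in the target tenant before relying on it (assumption).
resource acrReader 'Microsoft.Authorization/roleAssignments@2022-04-01' = if (createRoleAssignment) {
  name: guid(acr.id, identity.id, readerRoleDefinitionId)
  scope: acr
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', readerRoleDefinitionId)
    principalId: identity.properties.principalId
    principalType: 'ServicePrincipal'
  }
}

// Lets the pipeline log which path was taken.
output roleAssignmentCreated bool = createRoleAssignment
```

The existence check is done outside the template because the assignment's deterministic `guid(...)` name is only known to Bicep; the pipeline instead filters on the principal, role and scope, which identify the same assignment. The identity running the deployment then only needs `Microsoft.Authorization/roleAssignments/write` on the first run, when the pipeline leaves `createRoleAssignment` at its default of `true`.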