Your service principal needs to write to Azure Blob Storage.
Your service principal has Contributor Role on the entire Resource Group.
Good to go right?
Because that user has a role which “Grants full access to manage all resources”
EXCEPT THAT IT DOESN’T.
You also need Storage Blob Data Contributor if you want to be able to write to an Az storage account blob container.