Core Question:  Is there a way to implicitly set an Automation Account with read access to Azure Key Vaults', x509 Certificates?  That is to say, all current Key Vaults and all future Key Vaults?

I'm only presently seeing an ability to explicitly set RBAC to existing key vaults...  is setting implicit rights not possible or am I missing how to accomplish this?  TIA.