I was very close originally. Thanks to this blog post by Tim Jacomb I was able to login to azcopy with an OIDC federated identity:
https://blog.timja.dev/using-azcopy-in-github-actions-with-federated-credentials/
Summary:

Making use of `azcopy`'s auto-login, afaik, is the only way to use OIDC credentials when using `azcopy` with a Service Principal.

- The `azcopy` cli allows for various methods of authenticating via Service Principal, but OIDC is not one of them.
- The `az` cli as well as the Azure Login action, however, DO work with OIDC, and thus you need to first login with one of those and then auto-login to `azcopy` using environment variables and your target `azcopy` command.

Summary of modifications:

- I had other issues offscreen that were causing the `AZCLI` option for `AZCOPY_AUTO_LOGIN_TYPE` to not work. This is indeed the correct flag.
- `allow-no-subscriptions: true` when logging into `az` does not work with `azcopy`, as far as I can tell. I've removed that and replaced it with the subscription id for the resources with which I'm going to use the Service Principal.
- Only set the environment variables on the step you're going to use them.
- Use an `azcopy login status` as a sanity check. It will work same as the other commands with autologin, though `azcopy login` won't as it'll try to login again.
```yaml
- name: Azure login with OIDC
  uses: azure/login@v2
  with:
    client-id: ${{ secrets.AZURE_CLIENT_ID }}
    tenant-id: ${{ secrets.AZURE_TENANT_ID }}
    subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

- name: Copy file to Azure Blob Storage
  env:
    AZURE_STORAGE_ACCOUNT: your-storage-account-name
    AZURE_CONTAINER_NAME: example
    AZCOPY_AUTO_LOGIN_TYPE: AZCLI # This is the auto login type you want
    AZCOPY_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} # Don't forget this
  run: |
    # Sanity check: reuses the az cli session; do NOT run `azcopy login` here
    azcopy login status
    echo ""
    # file.core.windows.net is the Azure Files endpoint; blob containers live under <account>.blob.core.windows.net
    azcopy sync "." "https://$AZURE_STORAGE_ACCOUNT.file.core.windows.net/$AZURE_CONTAINER_NAME/"
```
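A preflight check that encodes the three lessons above (AZCLI is the only auto-login type that reuses the OIDC session, the tenant must be passed explicitly, and a real subscription id is required because `allow-no-subscriptions` does not carry over to azcopy). This is an added helper, not part of the original answer or of azcopy; `preflight_azcopy_env` and `is_guid` are hypothetical names, and the GUID values in the usage call are constructed.

```shell
# Returns 0 if the argument looks like an Azure tenant/subscription GUID.
is_guid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Usage: preflight_azcopy_env AUTO_LOGIN_TYPE TENANT_ID SUBSCRIPTION_ID
# Returns 0 when the values are usable by azcopy's auto-login after
# `az login`, 1 otherwise; reasons go to stderr, never the values themselves.
preflight_azcopy_env() {
  login_type=$1
  tenant=$2
  subscription=$3
  rc=0
  # Only AZCLI picks up the session that azure/login created with OIDC.
  if [ "$login_type" != "AZCLI" ]; then
    echo "AZCOPY_AUTO_LOGIN_TYPE must be AZCLI, got '${login_type:-<unset>}'" >&2
    rc=1
  fi
  # azcopy does not read the tenant from the az cli; it must be set explicitly.
  if ! is_guid "$tenant"; then
    echo "AZCOPY_TENANT_ID is missing or not a tenant GUID" >&2
    rc=1
  fi
  # allow-no-subscriptions does not work with azcopy, so a subscription id is needed.
  if ! is_guid "$subscription"; then
    echo "subscription-id is missing or not a subscription GUID" >&2
    rc=1
  fi
  return "$rc"
}

# Example call with constructed GUIDs; in a workflow step pass the env vars:
# preflight_azcopy_env "$AZCOPY_AUTO_LOGIN_TYPE" "$AZCOPY_TENANT_ID" "$AZURE_SUBSCRIPTION_ID"
preflight_azcopy_env AZCLI 11111111-2222-3333-4444-555555555555 aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
```

Run it as the first line of the copy step so a misconfigured login fails before `azcopy sync` ever touches the storage account.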