How can you give ApplicationPoolIdentity permissions to write to the Application Event Log?
I've read about adding a user to the permissions for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog, but I can't find the user ApplicationPoolIdentity.
And how can I have this as part of the deployment for a web site? ... specifically to Azure Web App Service.
You cannot modify the registry of an instance in App Service, as the sandbox in Azure App Service doesn't allow you to modify the registry. More details here
As long as you are not creating a new Event Source, your application logging will continue to work and the events will be written to EventLog.xml (which is a lightweight event log file). You can read more details about this in https://github.com/projectkudu/kudu/wiki/Azure-Web-App-sandbox#access-to-event-log.
You can access the eventlog.xml file directly from KUDU under the D:\HOME\LOGFILES folder, or from the support portal, or by using a website extension which I wrote some time back. More details on this in https://blogs.msdn.microsoft.com/puneetgupta/2014/09/24/azure-website-siteextension-to-view-eventlogs/