Creates a GraphServiceClient with scope and graph endpoint set
appropriately for the cloud environment (public or US government).

I don't think it matters for the purpose of validation, but the
AD Graph endpoint is nearing its end-of-life.

To aid debugging failed MS Graph requests.

MS Graph's top-level APIError message is hard-coded and only says
"error status code received from the API".  Further details have
to be extracted from the "ODataErrorable" interface type.

No longer used.

No longer used.

Vendoring the Microsoft Graph SDK for Go causes memory consumption
during CodeQL analysis to double due to its enormous API surface,
putting it well beyond the memory limit of standard GitHub Action
runners.

I inquired with the Azure organization admins about provisioning
larger GitHub runners, but was directed instead to use the 1ES
Hosted Pool which runs our other CI checks. Since ARO controls
the VM type for Hosted Pool agents, we can use a VM type with
adequate memory for CodeQL analysis with the Graph SDK.

Note: Implemented CodeQL commands in a template in case we
      ever decide to move Javascript or Python analysis to
      1ES Hosted Pool as well.