Add privileged service principals table to AAD report

[dagarwal-mitre]

🗣 Description

Wanted to add privileged service principals to the report to make users aware of these high privileged principals within their tenants

💭 Motivation and context

#934

🧪 Testing

Test with different tenants and ensure the Privileged Service Principals table is produced as expected for the AAD report and verify the verify privileged_service_principals is added in ScubaResults.json.

✅ Pre-approval checklist

• This PR has an informative and human-readable title.
• PR targets the correct parent branch (e.g., main or release-name) for merge.
• Changes are limited to a single goal - eschew scope creep!
• Changes are sized such that they do not touch excessive number of files.
• All future TODOs are captured in issues, which are referenced in code comments.
• These code changes follow the ScubaGear content style guide.
• Related issues these changes resolve are linked preferably via closing keywords.
• All relevant type-of-change labels added.
• All relevant project fields are set.
• All relevant repo and/or project documentation updated to reflect these changes.
• Unit tests added/updated to cover PowerShell and Rego changes.
• Functional tests added/updated to cover PowerShell and Rego changes.
• All relevant functional tests passed.
• All automated checks (e.g., linting, static analysis, unit/smoke tests) passed.

✅ Pre-merge checklist

• PR passed smoke test check.

• Feature branch has been rebased against changes from parent branch, as needed

  Use Rebase branch button below or use this reference to rebase from the command line.

• Resolved all merge conflicts on branch

• Notified merge coordinator that PR is ready for merge via comment mention

• Demonstrate changes to the team for questions and comments.
  (Note: Only required for issues of size Medium or larger)

✅ Post-merge checklist

• Feature branch deleted after merge to clean up repository.
• Verified that all checks pass on parent branch (e.g., main or release-name) after merge.

[mitchelbaker-cisa]

I plan on doing two reviews, the first being a pass through of the new code submitted in this PR. I will do another review after testing steps are added.

[mitchelbaker-cisa]

Are we certain that $PrivilegedObjects will always contain at least one entry? Otherwise accessing the 0th index may throw an error if an entry does not exist.

Either way, I also think it would help to see some error handling to check if $PrivilegedObjects[0].Keys is not null prior to entering the loop.

[mitchelbaker-cisa]

Logic in AADProvider:

If $PrivilegedServicePrincipals is $null, then it equals {}. Otherwise, set equal to $PrivilegedServicePrincipals
Then in the AADProvider json set "privileged_service_principals" equal to $PrivilegedServicePrincipals

If "privileged_service_principals" = {}, then $principal.DisplayName, $principal.ServicePrincipalId, etc. are nonexistent properties. Can we add some error handling here?

We could check $SettingsExport.privileged_service_principals.PSObject.Count > 0 or some other condition.

[mitchelbaker-cisa]

Can we add a new unit test to handle $Objecttype="serviceprincipal" in LoadObjectDataIntoPrivilegedUserHashTable.Tests.ps1?

[mitchelbaker-cisa]

I don't see Get-PrivilegedServicePrincipal as a function in your branch's ExportAADProvider.psm1.

[mitchelbaker-cisa]

Remove comment blocks