
Modify Connection module to read from JSON permissions file instead of hard coded values #1391

Open
tkol2022 opened this issue Oct 30, 2024 · 2 comments
Label: enhancement (This issue or pull request will add new or improve existing functionality)

Comments

tkol2022 (Collaborator) commented Oct 30, 2024

💡 Summary

Currently the function Connect-Tenant in Connection.psm1 has a hard-coded list of MS Graph permissions that it requests as scopes when connecting to the Graph endpoint. Soon there will be a new JSON file named ScubaGear-Permissions.json added to the repo, and Connect-Tenant should be modified to dynamically pull the list of permissions from that file instead of the hard-coded array.
We should also validate that the list of permissions being requested is current and does not contain any permissions that are no longer necessary due to code changes.


Implementation notes

See a separate comment within this issue for the list of action items.

tkol2022 added the enhancement label Oct 30, 2024
schrolla (Collaborator) commented:

This is dependent on completion of PR #1380 first.

schrolla modified the milestones: Kraken, Lionfish Nov 4, 2024
tkol2022 (Collaborator, Author) commented Nov 25, 2024

Updated set of actions for this issue

Some recent work by Microsoft spawned a new strategy for documenting and coding permissions which affects the scope of this issue.
Refer to the updated actions below.

Code updates

  • Microsoft has custom-coded a new function that gives the set of permissions needed for specific cmdlets. Add that function to ScubaGear so that it can be called from Connection.psm1.

  • Update the code in Connect-Tenant so that instead of using a hard-coded set of permission values, it calls Microsoft's new function to dynamically fetch the list of permissions for the Scopes parameter passed to Connect-MgGraph.

Documentation updates

  • Upon performing an analysis of which permissions are currently needed to run ScubaGear, the Microsoft team determined that the RoleManagementPolicy.Read.AzureADGroup Graph permission is no longer necessary and is superseded by another permission we already configure for ScubaGear. Remove RoleManagementPolicy.Read.AzureADGroup from all references in the user documentation and in documentation in the /Testing/Docs folder.

  • Update the permissions list in the documentation so that it matches the output of Microsoft's new custom-coded function, which lists all the permissions needed.

Tenant updates and Unit Testing

  • Update the permissions assigned to the Scuba Functional Test Orchestrator application so that they match the revised set of permissions in our documentation. Perform this update in all the test tenants. Test ScubaGear non-interactively with this application to make sure that it works. There should be no 401 errors.
  • Do the same for the Scuba GitHub Automation application. Test the GitHub actions to make sure that they work with no 401 errors.
  • Do the same for the Microsoft Graph PowerShell service principal (in Enterprise Applications). To update this one you may have to blow away the existing set of permissions and reconnect from ScubaGear using interactive authentication, then perform the admin consent to the permissions. Make sure you do this with the new ScubaGear code that was revised according to this issue. Test ScubaGear with interactive auth to ensure that it works with no 401 errors.
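The two comments above describe the same change from different angles: the first asks Connect-Tenant to read its Graph scopes from a JSON file instead of a hard-coded array and to validate that no stale permission is still requested; the second asks for that validation to be driven by the permissions the invoked cmdlets actually require. The following PowerShell is an added example written for this page, not ScubaGear's code and not the Microsoft function the comment refers to. It assumes a JSON layout of `{ "graph": { "scopes": [ ... ] } }` (the real ScubaGear-Permissions.json schema is not shown on this page), uses the existing `Find-MgGraphCommand` cmdlet from Microsoft.Graph.Authentication as the source of per-cmdlet permission requirements, and uses a constructed list of three cmdlets that stands in for whatever ScubaGear really calls. The function names and the sample data are hypothetical.

```powershell
#Requires -Modules Microsoft.Graph.Authentication
# Added example (not ScubaGear's code). Assumed JSON layout: { "graph": { "scopes": [...] } }.
# Constructed sample file content; the real ScubaGear-Permissions.json schema is not shown on the page.
$ScubaPermissionsJson = @'
{
  "graph": {
    "scopes": [
      "Directory.Read.All",
      "Policy.Read.All",
      "RoleManagementPolicy.Read.AzureADGroup"
    ]
  }
}
'@

# Constructed stand-in for the cmdlets ScubaGear invokes (hypothetical list, not the project's real one).
$SampleCommands = @(
    'Get-MgUser',
    'Get-MgPolicyConditionalAccessPolicy',
    'Get-MgPolicyAuthorizationPolicy'
)

function Get-ScubaGraphScopes {
    # Parse the permissions file and return a clean, de-duplicated scope list.
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Json)
    $doc = $Json | ConvertFrom-Json -ErrorAction Stop
    $scopes = @($doc.graph.scopes | Where-Object { $_ -is [string] -and $_.Trim() } | ForEach-Object { $_.Trim() })
    if ($scopes.Count -eq 0) { throw 'No Graph scopes found under graph.scopes in the permissions file' }
    # Sort-Object -Unique is case-insensitive, so "policy.read.all" and "Policy.Read.All" collapse to one entry.
    return @($scopes | Sort-Object -Unique)
}

function Test-ScubaGraphScopes {
    # Compare the configured scopes against what the listed cmdlets can actually use.
    # Find-MgGraphCommand reads local command metadata, so this step needs no tenant connection.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$ConfiguredScopes,
        [Parameter(Mandatory)][string[]]$Commands
    )
    $justified = @{}     # scopes that at least one cmdlet can be satisfied by
    $uncovered = @()     # cmdlets for which none of the configured scopes is acceptable
    foreach ($cmd in $Commands) {
        # A cmdlet may map to several URIs/API versions; take the union of their acceptable permissions.
        $entries = @(Find-MgGraphCommand -Command $cmd -ErrorAction Stop)
        $acceptable = @($entries | ForEach-Object { $_.Permissions } | ForEach-Object { $_.Name } | Sort-Object -Unique)
        $matched = @($acceptable | Where-Object { $ConfiguredScopes -contains $_ })   # -contains is case-insensitive
        if ($matched.Count -eq 0) { $uncovered += $cmd }
        foreach ($p in $matched) { $justified[$p.ToLowerInvariant()] = $true }
    }
    # Anything configured that no cmdlet could use is a candidate for removal (least privilege).
    $unneeded = @($ConfiguredScopes | Where-Object { -not $justified.ContainsKey($_.ToLowerInvariant()) })
    [pscustomobject]@{ UnneededScopes = $unneeded; UncoveredCommands = $uncovered }
}

function Connect-ScubaGraph {
    # Connect with the file-driven scopes, then confirm the token really carries them.
    # Interactive consent can silently drop scopes an admin declined; the 401s the issue
    # mentions show up later, so check the granted set up front.
    [CmdletBinding()]
    param([Parameter(Mandatory)][string[]]$Scopes, [string]$Environment = 'Global')
    Connect-MgGraph -Scopes $Scopes -Environment $Environment -NoWelcome -ErrorAction Stop
    $granted = @((Get-MgContext).Scopes)
    $missing = @($Scopes | Where-Object { $granted -notcontains $_ })
    if ($missing.Count -gt 0) {
        Write-Warning ('Consent not granted for: ' + ($missing -join ', '))
    }
    return $granted
}

# Usage: validate offline first, connect only when the check is clean.
$scopes = Get-ScubaGraphScopes -Json $ScubaPermissionsJson
$report = Test-ScubaGraphScopes -ConfiguredScopes $scopes -Commands $SampleCommands
if ($report.UncoveredCommands.Count -gt 0) {
    throw ('No configured scope satisfies: ' + ($report.UncoveredCommands -join ', '))
}
if ($report.UnneededScopes.Count -gt 0) {
    Write-Warning ('Scopes no sampled cmdlet can use (review for removal): ' + ($report.UnneededScopes -join ', '))
}
# Connect-ScubaGraph -Scopes $scopes   # uncomment to sign in; requires a tenant
```

Two caveats a reviewer would want stated. First, `Find-MgGraphCommand` lists every permission that can satisfy a call, including broad ones, so a configured scope being "justified" only means some cmdlet accepts it, not that it is the least-privileged option; the unneeded-scope report is a removal candidate list, and choosing the narrowest acceptable scope for each cmdlet remains a manual step. Second, the per-cmdlet check only covers cmdlets you enumerate, so the constructed `$SampleCommands` must be replaced with the real set of Graph cmdlets the tool invokes before the "unneeded" result can be trusted; with an incomplete list the check will under-report what is required.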
