
Fix AAD 401 authentication errors against GCC high tenants #1266

Merged
merged 14 commits into from
Aug 8, 2024

Conversation

tkol2022

@tkol2022 tkol2022 commented Aug 7, 2024

🗣 Description

This PR fixes the problem when running AAD against GCC high tenants with newer versions of the Graph dependency modules. We started getting 401 Unauthorized errors against GCC high because there was some problem with the token that we traced to Invoke-MgGraphRequest. The fix was to pass the MS graph FQDN prefix when calling that cmdlet and that seems to rectify the issue.

Closes #1265

🧪 Testing

  • Test against all tenants, including GCC high.
  • Run AAD with other products and by itself.
  • Run ScubaGear with a config file as well.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • PR targets the correct parent branch (e.g., main or release-name) for merge.
  • Changes are limited to a single goal - eschew scope creep!
  • Changes are sized such that they do not touch excessive number of files.
  • All future TODOs are captured in issues, which are referenced in code comments.
  • These code changes follow the ScubaGear content style guide.
  • Related issues these changes resolve are linked preferably via closing keywords.
  • All relevant type-of-change labels added.
  • All relevant project fields are set.
  • All relevant repo and/or project documentation updated to reflect these changes.
  • Unit tests added/updated to cover PowerShell and Rego changes.
  • Functional tests added/updated to cover PowerShell and Rego changes.
  • All relevant functional tests passed.
  • All automated checks (e.g., linting, static analysis, unit/smoke tests) passed.

✅ Pre-merge checklist

  • PR passed smoke test check.

  • Feature branch has been rebased against changes from parent branch, as needed

    Use Rebase branch button below or use this reference to rebase from the command line.

  • Resolved all merge conflicts on branch

  • Notified merge coordinator that PR is ready for merge via comment mention

✅ Post-merge checklist

  • Feature branch deleted after merge to clean up repository.
  • Verified that all checks pass on parent branch (e.g., main or release-name) after merge.
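As an added illustration of the fix described in this PR (not ScubaGear's own code), the snippet below resolves the Graph FQDN for the tenant type, checks it against the signed-in Graph context, and calls Invoke-MgGraphRequest with an absolute URI instead of a relative path. The M365Environment values and their mapping to Graph environment names are assumptions for this example.

```powershell
# Added example, not from the ScubaGear repository.
# Assumes Microsoft.Graph.Authentication is loaded and Connect-MgGraph has run.
function Resolve-GraphEndpoint {
    param([Parameter(Mandatory)][string]$M365Environment)

    # Assumed mapping from ScubaGear's M365Environment parameter to the
    # environment names understood by the Graph PowerShell SDK.
    $envName = switch ($M365Environment) {
        'commercial' { 'Global' }
        'gcc'        { 'Global' }
        'gcchigh'    { 'USGov' }
        'dod'        { 'USGovDoD' }
        default      { throw "Unknown M365Environment '$M365Environment'" }
    }

    # Guard: the token was issued for the environment we connected to, so a
    # request sent to any other FQDN is rejected with 401 Unauthorized.
    $ctx = Get-MgContext
    if ($null -eq $ctx) { throw 'Not connected to Microsoft Graph; run Connect-MgGraph first.' }
    if ($ctx.Environment -ne $envName) {
        throw "Connected to '$($ctx.Environment)' but M365Environment '$M365Environment' expects '$envName'."
    }

    # Look up the FQDN from the SDK's environment table rather than hardcoding it.
    (Get-MgEnvironment -Name $envName).GraphEndpoint.TrimEnd('/')
}

function Invoke-ScubaGraphRequest {
    param(
        [Parameter(Mandatory)][string]$M365Environment,
        [Parameter(Mandatory)][string]$RelativePath   # e.g. 'v1.0/organization'
    )
    # Bug shape: a bare relative path makes Invoke-MgGraphRequest default to the
    # commercial FQDN (graph.microsoft.com), which a GCC High token cannot use.
    # Fix shape: prefix the path with the FQDN for the tenant's environment.
    $base = Resolve-GraphEndpoint -M365Environment $M365Environment
    $uri  = '{0}/{1}' -f $base, $RelativePath.TrimStart('/')
    Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject
}

# Usage (constructed): Invoke-ScubaGraphRequest -M365Environment gcchigh -RelativePath 'v1.0/organization'
```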

…nd added the M365Environment command line parameter to support changing the endpoint FQDN based on the type of tenant
@tkol2022 tkol2022 added the bug This issue or pull request addresses broken functionality label Aug 7, 2024
@tkol2022 tkol2022 requested a review from dagarwal-mitre August 7, 2024 17:29
@tkol2022 tkol2022 self-assigned this Aug 7, 2024
@tkol2022 tkol2022 linked an issue Aug 7, 2024 that may be closed by this pull request
@schrolla schrolla self-requested a review August 8, 2024 13:51

@schrolla schrolla left a comment


I have some minor requests to remove a debug statement and comment fixes. But the functional testing I did showed SG worked as expected. As requested, I ran:

  • ScubaGear with just the AAD product against all test tenants (passed)
  • ScubaGear using a config file for parameters with AAD as well as other products (passed)
  • ScubaGear with all pairings of other products (passed)
  • ScubaGear with all products against all test tenants (passed)
  • ScubaGear
  • Ran workflow unit tests (including those for Initialize-SCuBA) manually using Pester and all passed as expected.

@schrolla schrolla changed the title Fixes AAD 401 authentication errors against GCC high Fix AAD 401 authentication errors against GCC high tenants Aug 8, 2024
@tkol2022

tkol2022 commented Aug 8, 2024

Functional tests ran against the branch.


tkol2022 and others added 2 commits August 8, 2024 12:03
Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>
Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

@dagarwal-mitre dagarwal-mitre left a comment


Looks good, checked with different tenants and SP.

@james-garriss

FYI...the changes made to support.psm1 are in response to a previous PR (#1261) that attempted to fix a problem when initializing SG. Unfortunately, it created a new problem with the functional tests that was only now discovered. The changes in support fix both problems, ensuring that the right module path is used no matter where SG is initialized from.

@nanda-katikaneni

One more data point in testing for this PR/branch: aad tests on gcchigh ran fine with this branch (with rc there 401 failure); functional tests also running fine on gcchigh with this branch.

@schrolla schrolla added this to the Iceberg milestone Aug 8, 2024
@nanda-katikaneni nanda-katikaneni merged commit 2e945ba into main Aug 8, 2024
22 checks passed
@nanda-katikaneni nanda-katikaneni deleted the 1265-aad-generates-a-401-against-gcc-high branch August 8, 2024 16:53
Labels
bug This issue or pull request addresses broken functionality
Development

Successfully merging this pull request may close these issues.

AAD generates a 401 unauthorized when running against GCC High tenants
5 participants