feat(data): adopt canonical microsoft-first-party-appids.json (#361) #412

Merged: Daren9m merged 1 commit into main from feat/first-party-appids on Jun 14, 2026
Conversation

@Daren9m (Collaborator) commented Jun 14, 2026

Why

Multiple consumers (M365-Assess, Az-Assess, future) each maintained their own ad-hoc allowlist of Microsoft first-party AppIds / owner-tenant GUIDs to exclude legitimate Microsoft service principals from "foreign app impersonating Microsoft" checks. M365-Assess's hard-coded list grew twice in one sprint (M365-Assess#887). Per #361, CheckID should own this as canonical data so consumers reference one source instead of drifting copies.

What

Adopts M365-Assess's controls/microsoft-first-party-appids.json (v1.1.0) upstream into CheckID:

  • data/microsoft-first-party-appids.json - 280 AppIds + 4 owner tenants, sourced from Microsoft Learn's Power Platform first-party app list. $schema repointed to the CheckID schema (data otherwise verbatim).
  • data/microsoft-first-party-appids.schema.json - draft 2020-12, validates GUID format, required fields, uniqueness shape.
  • tests/MicrosoftFirstPartyAppIds.Tests.ps1 - structure, semver, GUID format, case-insensitive AppId uniqueness, and that the consumer check ENTRA-ENTAPP-020 exists in registry.json.
  • REFERENCES.md - new "Canonical Reference Data" section; consumers fetch this alongside registry.json / frameworks/*.json.

Testing

  • Data validates against the new schema (jsonschema).
  • 388 Pester tests pass (377 + 11 new), 0 failures.
  • 280 AppIds verified: all valid GUIDs, all named, no duplicates.

Rollout

After this is tagged, M365-Assess flips ENTRA-ENTAPP-020 to read the allowlist from CheckID (via its sync) and drops the hard-coded list. First of the v3.5.0 canonical-reference-data adoptions (role-tiers, tier0-permissions, mitre-technique-map, risk-severity to follow).

Closes #361

Ship CheckID's canonical Microsoft first-party AppId + owner-tenant allowlist so
consumers stop maintaining drifting per-repo copies. Adopted from M365-Assess
controls/microsoft-first-party-appids.json (v1.1.0): 280 AppIds + 4 owner tenants,
sourced from Microsoft Learn's Power Platform first-party app list.

- data/microsoft-first-party-appids.json (repointed $schema to the CheckID schema)
- data/microsoft-first-party-appids.schema.json (draft 2020-12)
- tests/MicrosoftFirstPartyAppIds.Tests.ps1 (GUID / uniqueness / consumer-check coverage)
- REFERENCES.md: document the canonical-reference-data sync surface

Consumed by ENTRA-ENTAPP-020 (foreign-app impersonation). 388 Pester tests pass.

Closes #361
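An added example, not CheckID's or M365-Assess's own code, of the validation the PR's Pester tests describe (semver, GUID format, names, case-insensitive AppId uniqueness) and of the allowlist lookup a consumer check such as ENTRA-ENTAPP-020 performs. The JSON key names, the service-principal field names and every GUID below are assumed placeholders, since the schema itself is not shown in this PR.

```python
import re

GUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
SEMVER_RE = re.compile(r"^\d+\.\d+\.\d+$")

# Constructed sample in the shape this PR describes. The key names
# (version, ownerTenants, appIds[].appId/name) and all GUIDs are assumptions.
SAMPLE_ALLOWLIST = {
    "version": "1.1.0",
    "ownerTenants": ["11111111-1111-4111-8111-111111111111"],
    "appIds": [
        {"appId": "aaaaaaaa-0000-4000-8000-000000000001", "name": "Sample Service A"},
        {"appId": "aaaaaaaa-0000-4000-8000-000000000002", "name": "Sample Service B"},
    ],
}


def validate_allowlist(doc):
    """Mirror the PR's test coverage; return a list of problems (empty == valid)."""
    problems = []
    if not SEMVER_RE.match(doc.get("version", "")):
        problems.append(f"version is not semver: {doc.get('version')!r}")
    seen = set()
    for entry in doc.get("appIds", []):
        app_id = entry.get("appId", "")
        if not GUID_RE.match(app_id):
            problems.append(f"bad GUID: {app_id!r}")
        if not entry.get("name"):
            problems.append(f"unnamed AppId: {app_id!r}")
        if app_id.lower() in seen:  # AppIds are compared case-insensitively
            problems.append(f"duplicate AppId: {app_id!r}")
        seen.add(app_id.lower())
    for tenant in doc.get("ownerTenants", []):
        if not GUID_RE.match(tenant):
            problems.append(f"bad owner tenant GUID: {tenant!r}")
    return problems


def is_first_party(doc, app_id, owner_tenant):
    """True if the service principal is a known Microsoft app, by AppId or owning tenant."""
    app_ids = {e["appId"].lower() for e in doc["appIds"]}
    tenants = {t.lower() for t in doc["ownerTenants"]}
    return app_id.lower() in app_ids or (owner_tenant or "").lower() in tenants


def find_lookalikes(doc, service_principals):
    """Consumer-check logic: Microsoft-branded SPs that are not on the allowlist."""
    return [sp["displayName"] for sp in service_principals
            if "microsoft" in sp["displayName"].lower()
            and not is_first_party(doc, sp["appId"], sp.get("ownerTenantId"))]
```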
@github-actions commented:

Framework mapping count delta

| Framework | main | this PR | Δ | Δ% | Status |
|---|---|---|---|---|---|
| cis-controls-v8 | 1021 | 1021 | 0 | +0.00% | ✓ OK |
| cis-m365-v6 | 167 | 167 | 0 | +0.00% | ✓ OK |
| cisa-scuba | 52 | 52 | 0 | +0.00% | ✓ OK |
| cmmc | 1081 | 1081 | 0 | +0.00% | ✓ OK |
| eidsca | 21 | 21 | 0 | +0.00% | ✓ OK |
| essential-eight | 631 | 631 | 0 | +0.00% | ✓ OK |
| fedramp | 1073 | 1073 | 0 | +0.00% | ✓ OK |
| gdpr | 11 | 11 | 0 | +0.00% | ✓ OK |
| hipaa | 502 | 502 | 0 | +0.00% | ✓ OK |
| iso-27001 | 1021 | 1021 | 0 | +0.00% | ✓ OK |
| iso-27002 | 1021 | 1021 | 0 | +0.00% | ✓ OK |
| iso-27017 | 1013 | 1013 | 0 | +0.00% | ✓ OK |
| mitre-attack | 893 | 893 | 0 | +0.00% | ✓ OK |
| nis2 | 311 | 311 | 0 | +0.00% | ✓ OK |
| nist-800-171 | 1081 | 1081 | 0 | +0.00% | ✓ OK |
| nist-800-53 | 1073 | 1073 | 0 | +0.00% | ✓ OK |
| nist-csf | 827 | 827 | 0 | +0.00% | ✓ OK |
| pci-dss | 1053 | 1053 | 0 | +0.00% | ✓ OK |
| soc2 | 1104 | 1104 | 0 | +0.00% | ✓ OK |
| stig | 13 | 13 | 0 | +0.00% | ✓ OK |

Result: ✓ PASS — no framework mapping regressions detected.

@github-actions commented:


Content enrichment population

Overall (1106 checks): rationale 26.4% (292/1106) • impact 26.4% (292/1106) • references 26.4% (292/1106)

| Framework | n | rationale | impact | references |
|---|---|---|---|---|
| cis-controls-v8 | 1021 | 25.2% (257/1021) | 25.2% (257/1021) | 25.2% (257/1021) |
| cis-m365-v6 | 167 | 100.0% (167/167) | 100.0% (167/167) | 100.0% (167/167) |
| cisa-scuba | 52 | 100.0% (52/52) | 100.0% (52/52) | 100.0% (52/52) |
| cmmc | 1081 | 26.4% (285/1081) | 26.4% (285/1081) | 26.4% (285/1081) |
| eidsca | 21 | 100.0% (21/21) | 100.0% (21/21) | 100.0% (21/21) |
| essential-eight | 631 | 22.3% (141/631) | 22.3% (141/631) | 22.3% (141/631) |
| fedramp | 1073 | 27.2% (292/1073) | 27.2% (292/1073) | 27.2% (292/1073) |
| gdpr | 11 | 100.0% (11/11) | 100.0% (11/11) | 100.0% (11/11) |
| hipaa | 502 | 33.5% (168/502) | 33.5% (168/502) | 33.5% (168/502) |
| iso-27001 | 1021 | 26.6% (272/1021) | 26.6% (272/1021) | 26.6% (272/1021) |
| iso-27002 | 1021 | 26.6% (272/1021) | 26.6% (272/1021) | 26.6% (272/1021) |
| iso-27017 | 1013 | 26.1% (264/1013) | 26.1% (264/1013) | 26.1% (264/1013) |
| mitre-attack | 893 | 30.8% (275/893) | 30.8% (275/893) | 30.8% (275/893) |
| nis2 | 311 | 25.7% (80/311) | 25.7% (80/311) | 25.7% (80/311) |
| nist-800-171 | 1081 | 26.4% (285/1081) | 26.4% (285/1081) | 26.4% (285/1081) |
| nist-800-53 | 1073 | 27.2% (292/1073) | 27.2% (292/1073) | 27.2% (292/1073) |
| nist-csf | 827 | 31.2% (258/827) | 31.2% (258/827) | 31.2% (258/827) |
| pci-dss | 1053 | 26.4% (278/1053) | 26.4% (278/1053) | 26.4% (278/1053) |
| soc2 | 1104 | 26.4% (292/1104) | 26.4% (292/1104) | 26.4% (292/1104) |
| stig | 13 | 100.0% (13/13) | 100.0% (13/13) | 100.0% (13/13) |

Informational only — does not gate the build. The hard release-gate for Critical/High enrichment lives in #281 (v3.2.0).

Daren9m merged commit b5cb5d2 into main on Jun 14, 2026 (9 checks passed) and deleted the feat/first-party-appids branch on June 14, 2026 at 05:23.
Labels: enhancement (New feature or request)

Linked issue closed by this pull request: data: introduce data/microsoft-first-party-appids.json (canonical Microsoft owner-tenant + AppId allowlist)