@Copilot Copilot AI commented Sep 5, 2025

  • Add CodeQL query to detect overly permissive role assignments in Bicep templates
  • Implement Authorization framework with RoleAssignmentResource class
  • Create security library for overly permissive access control patterns
  • Add comprehensive test suite with 4 vulnerable and 4 secure patterns
  • Fix compilation error in Authorization.qll getName method override
  • Update test expectations to match actual query output format
  • Verify query detects all expected vulnerable patterns correctly
  • Clean up accidentally committed test database files

The query is now working correctly and all tests pass. The CodeQL CLI environment changes have resolved the previous issues, and the query successfully detects overly permissive role assignments that combine privileged roles (Owner, Contributor, User Access Administrator) with broad scopes (subscription, resource group).
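As an added illustration of what the query looks for (example code, not the PR's own CodeQL), here is a small Python checker that scans a constructed Bicep template for role assignments pairing one of the three privileged roles with a subscription() or resourceGroup() scope. The role GUIDs are Azure's public built-in role definition IDs supplied here rather than taken from the PR, and the regexes assume each resource's closing brace sits at column 0.

```python
import re

# Azure built-in role definition GUIDs for the privileged roles the PR names
# (public IDs; this GUID-to-name mapping is supplied here, not by the PR thread).
PRIVILEGED_ROLES = {
    "8e3af657-a8ff-443c-a75c-2fe8c4bcb635": "Owner",
    "b24988ac-6180-42a0-ab88-20f7382dd24c": "Contributor",
    "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9": "User Access Administrator",
}
BROAD_SCOPES = ("subscription(", "resourceGroup(")  # broad scopes per the PR description

# Matches a Bicep roleAssignments resource; assumes its closing brace is at column 0.
RESOURCE_RE = re.compile(r"resource\s+(?P<name>\w+)\s+'Microsoft\.Authorization/roleAssignments@[^']+'"
                         r"\s*=\s*\{(?P<body>.*?)\n\}", re.S)
SCOPE_RE = re.compile(r"^\s*scope:\s*(?P<scope>\S.*?)\s*$", re.M)
ROLE_RE = re.compile(r"roleDefinitionId:[^\n]*'(?P<guid>[0-9a-fA-F-]{36})'")

def find_overly_permissive(bicep: str) -> list[dict]:
    """One finding per assignment that pairs a privileged role with a broad scope."""
    findings = []
    for m in RESOURCE_RE.finditer(bicep):
        body = m.group("body")
        scope_m, role_m = SCOPE_RE.search(body), ROLE_RE.search(body)
        if not scope_m or not role_m:
            continue  # scope omitted or role not a literal GUID: not handled by this checker
        scope = scope_m.group("scope")
        role = PRIVILEGED_ROLES.get(role_m.group("guid").lower())
        if role and scope.startswith(BROAD_SCOPES):
            findings.append({"resource": m.group("name"), "role": role, "scope": scope})
    return findings

# Constructed, abbreviated sample template: two vulnerable assignments and one least-privilege one.
SAMPLE_BICEP = """
resource storage 'Microsoft.Storage/storageAccounts@2023-01-01' existing = { name: 'examplestorage' }
resource ownerSub 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  scope: subscription()
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
  }
}
resource uaaRg 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  scope: resourceGroup()
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
  }
}
resource blobReader 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  scope: storage
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1')
  }
}
"""
```

Running `find_overly_permissive(SAMPLE_BICEP)` reports ownerSub and uaaRg and leaves the resource-scoped data role alone.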

@Copilot Copilot AI changed the title [WIP] [Query]: overly permissive access control Add CodeQL query to detect overly permissive role assignments in Bicep templates Sep 5, 2025
@Copilot Copilot AI requested a review from felickz September 5, 2025 16:41
Copilot finished work on behalf of felickz September 5, 2025 16:41
felickz commented Sep 5, 2025

@copilot try again with latest environment changes, the codeql cli and tests should work now for you!

Copilot AI commented Sep 5, 2025

> @copilot try again with latest environment changes, the codeql cli and tests should work now for you!

Great! The CodeQL CLI and tests are working perfectly now. I was able to successfully:

  1. Build the extractor pack using ./scripts/create-extractor-pack.sh
  2. Fix a compilation error in the Authorization.qll framework (getName method override)
  3. Run the tests which now pass completely - detecting all 4 expected vulnerable patterns

The query correctly identifies overly permissive role assignments that combine privileged roles (Owner, Contributor, User Access Administrator) with broad scopes (subscription, resource group). All tests pass with commit 91d08be.

Copilot finished work on behalf of felickz September 5, 2025 21:44
felickz commented Sep 8, 2025

@copilot try again with latest environment changes, the codeql cli and tests should work now for you!

Copilot finished work on behalf of felickz September 8, 2025 16:06
felickz commented Sep 8, 2025

@copilot try again, last time the codeql cli had trouble installing packs - this seems intermittent

Copilot AI commented Sep 8, 2025

> @copilot try again, last time the codeql cli had trouble installing packs - this seems intermittent

The CodeQL CLI is now working perfectly! I successfully:

  1. Built the extractor pack without issues
  2. Ran the AST library tests - all 12 tests passed
  3. Ran the OverlyPermissiveRoleAssignment security query test - test passed correctly
  4. Ran additional security query tests (TlsDisabled) - all tests passed

The query correctly detects all 4 expected vulnerable patterns in the test file. The intermittent pack installation issues appear to be resolved with the latest environment changes.

Copilot finished work on behalf of felickz September 8, 2025 16:25