Fix for Azure Service Principals who have no permission to access the Graph API

[SvenTo]

Data collection with azurehound does not work for Azure Service Principals who have no permission to access the Graph API because calling client.GetAzureADOrganization() fails. However, collecting information from the Azure Resource Manager is still possible.

This pull request implements a bugfix so that you can use commands like list az-rm with those Service Principals.

Sample output:

$ ./azurehound list az-rm -v 2 -a "[REDACTED]" --secret "[REDACTED]" -t "[REDACTED]" -o "az-rm.json" --log-file az-rm.log --json
AzureHound 2379ab55f4a5c12ed2cae977ab33a2d59f5a0192
Created by the BloodHound Enterprise team - https://bloodhoundenterprise.io

No configuration file located at [REDACTED]/.config/azurehound/config.json
{"level":"debug","time":"2023-05-05T16:49:27+02:00","message":"Log File: az-rm.log"}
{"level":"debug","time":"2023-05-05T16:49:27+02:00","message":"testing connections"}
{"level":"debug","time":"2023-05-05T16:49:27+02:00","message":"testing connections"}
{"level":"trace","targetUrl":"https://login.microsoftonline.com","time":"2023-05-05T16:49:27+02:00","message":"dialing..."}
{"level":"trace","targetUrl":"https://graph.microsoft.com","time":"2023-05-05T16:49:27+02:00","message":"dialing..."}
{"level":"trace","targetUrl":"https://management.azure.com","time":"2023-05-05T16:49:27+02:00","message":"dialing..."}
{"level":"error","error":"map[error:map[code:Authorization_RequestDenied innerError:map[client-request-id:[REDACTED] date:2023-05-05T14:49:27 request-id:[REDACTED]] message:Insufficient privileges to complete the operation.]]","time":"2023-05-05T16:49:27+02:00","message":"unable to get Azure AD organization. It is likely that your user don't have directory reader permissions. If you list non AAD objects (e.g., az-rm) this should be okay."}
{"level":"info","time":"2023-05-05T16:49:27+02:00","message":"collecting azure resource management objects..."}
{"level":"info","time":"2023-05-05T16:49:27+02:00","message":"finished listing all subscription user access admins"}
{"level":"info","time":"2023-05-05T16:49:27+02:00","message":"finished listing all container registries"}
{"level":"info","time":"2023-05-05T16:49:27+02:00","message":"finished listing all virtual machine role assignments"}
{"level":"info","time":"2023-05-05T16:49:27+02:00","message":"finished listing all automation accounts"}
[...]

[github-actions]

CLA Assistant Lite bot:
Thank you for your submission, we really appreciate it. Like many open-source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution. You can sign the CLA by just posting a Pull Request Comment same as the below format.

---

I have read the CLA Document and I hereby sign the CLA

---

_{You can retrigger this bot by commenting recheck in this Pull Request}

[SvenTo]

I have read the CLA Document and I hereby sign the CLA

[SvenTo]

recheck

[sven-ernw]

I have read the CLA Document and I hereby sign the CLA

---

recheck

[ddlees]

@SvenTo @sven-ernw

The CLA check is failing because the first signature is only valid for the SvenTo account and the commit in this PR is from sven-ernw. The second signature from the sven-ernw is malformed.

As sven-ernw please add this one-line comment exactly:

I have read the CLA Document and I hereby sign the CLA