feature/ms365: Extend microsoft.security with exchange.antispam.HostedConnectionFilterPolicy (#5735)

* feat: Add MS365 HostedConnectionFilterPolicy resource

- Extend microsoft.security with exchange.antispam.HostedConnectionFilterPolicy
- Add new resource hierarchy: microsoft.security.exchange.antispam.hostedConnectionFilterPolicy
- Implement PowerShell-based data fetching using Get-HostedConnectionFilterPolicy cmdlet
- Include fields: identity, adminDisplayName, ipAllowList, ipBlockList, enableSafeList
- Update resource definitions, generated Go code, and manifest files

Resolves #5586

* fix: Use empty map instead of nil for container resource creation

- Replace nil arguments with map[string]*llx.RawData{} in CreateResource calls
- Fixes 'cannot convert primitive with NO type information' error
- Follows established patterns from other MS365 container resources

* Update check-spelling metadata

* Fix `CreateResource` in `hostedConnectionFilterPolicy`

* Add `convert` remove manual loops

Author: syrull

.github/actions/spelling/expect.txt

@@ -1,5 +1,6 @@
 ACCOUNTADMIN
 Adddays
+antispam
 atlassian
 auditlog
 Auths
@@ -25,8 +26,10 @@ DATAUSER
 Ddos
 deliverychannel
 dfw
+dlp
 dlq
 dlv
+eas
 eip
 ekm
 elbv
@@ -42,7 +45,9 @@ headerorder
 hostkeys
 iana
 iap
+iccid
 ilb
+imei
 ingresstls
 iotedge
 ipsetforwardedipconfig
@@ -54,9 +59,11 @@ kqueue
 labelmatchstatement
 liveanalytics
 loggingservice
+manageddevice
 managedrulegroupstatement
 managedzone
 mcr
+meid
 messagestoragepolicy
 mfs
 mgroup
@@ -104,13 +111,15 @@ spo
 sqli
 sqlimatchstatement
 sqlserver
+Sspr
 tailscale
 targetgroup
 tde
 testutils
 timestream
 toplevel
 tpu
+udid
 usb
 vdcs
 virtualmachine
@@ -120,12 +129,3 @@ vulnmgmt
 wil
 xoxp
 xssmatchstatement
-eas
-iccid
-imei
-manageddevice
-meid
-udid
-Passwordless
-Sspr
-dlp

providers/ms365/resources/ms365.lr

@@ -1042,6 +1042,8 @@ microsoft.security {
   latestSecureScores() microsoft.security.securityscore
   // List Microsoft Entra users who are at risk
   riskyUsers() []microsoft.security.riskyUser
+  // Exchange security settings
+  exchange() microsoft.security.exchange
 }
 
 // Microsoft Secure Score
@@ -1090,6 +1092,32 @@ microsoft.security.riskyUser @defaults("principalName riskLevel riskState lastUp
   lastUpdatedAt time
 }
 
+// Microsoft Security Exchange
+microsoft.security.exchange {
+  // Exchange antispam settings
+  antispam() microsoft.security.exchange.antispam
+}
+
+// Microsoft Security Exchange Antispam
+microsoft.security.exchange.antispam {
+  // Hosted connection filter policy
+  hostedConnectionFilterPolicy() microsoft.security.exchange.antispam.hostedConnectionFilterPolicy
+}
+
+// Microsoft Security Exchange Antispam Hosted Connection Filter Policy
+microsoft.security.exchange.antispam.hostedConnectionFilterPolicy @defaults("identity enableSafeList") {
+  // Policy identity
+  identity string
+  // Admin display name for the policy
+  adminDisplayName string
+  // IP addresses that are always allowed
+  ipAllowList []string
+  // IP addresses that are always blocked
+  ipBlockList []string
+  // Whether to use the safe list
+  enableSafeList bool
+}
+
 // Microsoft policies
 microsoft.policies {
   // Authorization policy