Move security group creation to Pulumi

[jemrobinson]

✅ Checklist

• You have given your pull request a meaningful title (e.g. Enable foobar integration rather than 515 foobar).
• You are targeting the appropriate branch. If you're not certain which one this is, it should be develop.
• Your branch is up-to-date with the target branch (it probably was when you started, but it may have changed since then).

🚦 Depends on

n/a

⤴️ Summary

• Create a Pulumi application during SHM deployment with permissions to edit groups
• Use this application (and service principal) to initialise the pulumi-azuread provider
  • create Entra groups

🌂 Related issues

Closes #2158

🔬 Tests

Tested on a new SRE deployment

[github-actions]

Coverage report

Click to see where and how coverage changed

File	Statements	Missing	Coverage	Coverage (new stmts)	Lines missing
data_safe_haven/commands
sre.py					89-90, 93-94
data_safe_haven/config
context.py					43-51, 56-57
shm_config.py
sre_config.py
data_safe_haven/external/api
azure_sdk.py					475, 1300-1316
graph_api.py					1054
data_safe_haven/infrastructure
project_manager.py
data_safe_haven/infrastructure/programs
declarative_sre.py					113
imperative_shm.py					118, 147-167
data_safe_haven/infrastructure/programs/sre
entra.py					18, 30-33
data_safe_haven/provisioning
sre_provisioning_manager.py
Project Total

This report was generated by python-coverage-comment-action