Fix live grouped chains role-trust batching

[TacoRocket]

What changed

• removed the grouped chains artifact-first fallback and restored fresh live runs as the default execution path
• added Microsoft Graph $batch support in the AzureFox Graph client
• switched role-trusts fast-mode collection to batch seeded application lookups, application edge collection, and service-principal edge collection, while keeping serial fallback for non-batch callers
• added regressions for the batch-enabled role-trusts path and for live grouped deployment-path and escalation-path output emission

Why

Admin grouped chains deployment-path and chains escalation-path were stalling in live environments because the Python role-trusts collector still did a large serial Graph callback fanout. The earlier artifact-backed workaround helped reruns, but it did not fix a fresh live environment. This PR fixes the live root cause instead of assuming prior data exists.

Impact

• fresh live grouped chains deployment-path runs no longer depend on nearby static artifacts
• fresh live grouped chains escalation-path runs no longer depend on nearby static artifacts
• role-trusts keeps the same operator-facing contract, but reaches it with substantially fewer Graph round-trips in the admin path

Validation

• python3 -m ruff check src/azurefox/cli.py src/azurefox/clients/graph.py src/azurefox/collectors/provider.py tests/test_collectors.py tests/test_cli_smoke.py
• PYTHONPATH=src pytest -q tests/test_collectors.py -k 'role_trusts' tests/test_cli_smoke.py -k 'chains_family_live_provider_writes_outputs_with_batched_role_trusts or chains_family_keeps_emitting_when_supporting_collector_fails or chains_deployment_path_json or chains_escalation_path_json'
• pre-push guardrail run: 420 passed, 2 deselected