@martinsohn martinsohn commented Oct 9, 2025

Multiple updates.
Also ran all in a BH instance to test.

Summary:

  • Updated README:
    • Remove unnecessary chars
    • Add a BHOP example for testing all queries
  • Delete Trace ACE inheritance.yml
    • The query was unnecessary as an ACE tracing feature is now in-product via the Edge Entity Panel, and this query had limited functionality anyway.
  • Change the identification method for DCs and RODCs to the built-in bool
    • Computers with non-default Primary Group membership
  • Add warning to description of many-to-many queries
    • Shortest paths from Azure Applications to Tier Zero High Value targets
    • Shortest paths from Entra Users to Tier Zero High Value targets
    • Shortest paths from Owned objects to Tier Zero
    • Shortest paths to Azure Subscriptions
    • Shortest paths to privileged roles
  • Fixed query - WARNING: 500 - ERROR: missing FROM-clause entry for table "s0" (SQLSTATE 42P01)
    • Tier Zero accounts not members of Denied RODC Password Replication Group
  • Pull in new BloodHound queries
    • Accounts with smart card required in d…here smart account passwords do not expire
    • AdminSDHolder to protected objects relationship
    • CA Administrators and CA Managers (ESC7)
    • Compromising permissions on ADCS nodes (ESC5)
    • Enrollment rights on certificate templa…se CA with User Specified SAN enabled (ESC6)
    • Enrollment rights on certificate templa…e CA with vulnerable HTTP(S) endpoint (ESC8)
    • Entra Users with Entra Admin Role approval (direct)
    • Entra Users with Entra Admin Role approval (group delegated)
    • Entra Users with Entra Admin Role direct eligibility
    • Entra Users with Entra Admin Roles group delegated eligibility
    • Location of AdminSDHolder Protected objects
    • Synced Entra Users with Entra Admin Role approval (direct)
    • Synced Entra Users with Entra Admin Role approval (group delegated)
    • Synced Entra Users with Entra Admin Role direct eligibility
    • Synced Entra Users with Entra Admin Roles group delegated eligibility
    • Tier Zero principals without AdminSDHolder protection
  • Add support for node labels vs legacy system_tags
    • Kerberoastable me…Zero High Value groups
    • Shortest paths from Owned objects
    • Shortest paths to Tier Zero High Value targets
  • Update queries to match BloodHound prebuilt query
    • All Global Administrators
    • Computers with membership in Protected Users
    • Dangerous privileges for Domain Users groups
    • Domains where any user can join a computer to the domain
  • Update name from 'Account' to 'Object'
    • Non-Tier Zero account with excessive control
  • Fix category
    • Map Azure Management structure
  • New queries
    • Locations of Owned objects - AD
    • Locations of Owned objects - AZ
  • Update edge to new name: RemoteInteractiveLogonRight
    • All incoming and local paths for a specific computer

martinsohn and others added 24 commits September 10, 2025 18:46
  • Edge was renamed in a BloodHound update.
  • Similar to the query "Locations of Tier Zero / High-Value objects" for AD
  • Similar to the query "Locations of Tier Zero / High-Value objects" for AD
  • Query was duplicate of 'All incoming and local paths for a specific computer' - https://queries.specterops.io/?input=1f67e538-19d4-4020-89c8-5b39b31571bd
  • …t allowed here in "queries/Shortest paths from Owned objects to Tier Zero.yml", line 6, column 21
  • … paths to Tier Zero High Value targets.yml: Syntax error at line: 1
  • - Remove unnecessary chars
    - Add a BHOP example for testing all queries
  • The query was unnecessary as an ACE tracing feature is now in-product via the Edge Entity Panel, and this query had limited functionality anyway.
  • …ge DC/RODC ID method
    Change the identification method for DCs and RODCs to the built-in bool
  • …eplication Group
    Was throwing error on PG: WARNING: 500 - ERROR: missing FROM-clause entry for table "s0" (SQLSTATE 42P01)
  • FAILED tests/test_cypher_syntax.py::test_cypher_validation[queries/Shortest paths from Azure Applications to Tier Zero High Value targets.yml] - yaml.scanner.ScannerError: mapping values are not allowed here
@d3vzer0 d3vzer0 merged commit 65a0abd into main Oct 14, 2025
@d3vzer0 d3vzer0 deleted the query-updates branch October 14, 2025 08:51