Add pyadomd guidance for service-principal connection strings with EffectiveUserName and Roles

[Copilot]

This PR adds focused documentation for translating the repo’s Invoke-DQVTesting.psm1 connection-string pattern into Python (pyadomd) usage. It clarifies how to set service-principal auth fields while safely layering EffectiveUserName and Roles for impersonation/RLS validation.

• What this adds

  • New guide: DAX Query View Testing Pattern/pyadomd-service-principal-connection-guidance.md
  • Explicit mapping from PowerShell module behavior to Python connection-string construction.

• Connection-string mapping documented

  • Service principal format aligned to existing module behavior:
    • User ID=app:<client-id>@<tenant-id>
    • `******
    • Integrated Security=ClaimsToken
  • Base XMLA fields preserved:
    • Provider=MSOLAP
    • Data Source=powerbi://api.powerbi.com/v1.0/myorg/<workspace>
    • Database=<semantic-model>

• Impersonation/RLS guidance added

  • Optional EffectiveUserName=<upn> usage for user-context execution.
  • Optional Roles=<comma-separated-roles> usage for role-scoped validation.
  • Checklist for validating baseline, impersonated, and negative-role scenarios.

parts = [
    "Provider=MSOLAP",
    f"Data Source=powerbi://api.powerbi.com/v1.0/myorg/{workspace}",
    f"Database={dataset}",
    f"User ID=app:{client_id}@{tenant_id}",
    f"******",
    "Integrated Security=ClaimsToken",
]
if effective_username:
    parts.append(f"EffectiveUserName={effective_username}")
if roles:
    parts.append(f"Roles={','.join(roles)}")
conn_str = ";".join(parts) + ";"

Warning

GitHub's Secret Scanning detected potential secrets in the content or metadata (commit messages, PR description). We attempted to remediate the issue by updating the code or redacting.