Azure / azure-cli

Azure Command-Line Interface
MIT License

[Feature request] `az ad app permission admin-consent`: Migrate `https://main.iam.ad.ext.azure.com/` to Microsoft Graph #29424

Open jiasli opened 1 month ago

jiasli commented 1 month ago

Related command

`az ad app permission admin-consent`

Is your feature request related to a problem? Please describe.

`az ad app permission admin-consent` internally calls `https://main.iam.ad.ext.azure.com/` endpoint:

https://github.com/Azure/azure-cli/blob/38eaebb6936a32be13e2c4afba8e600ce9c91513/src/azure-cli/azure/cli/command_modules/role/custom.py#L959

This endpoint has several limitations:

  1. This endpoint is now deprecated.
  2. It can only be called by a user, not a service principal.
  3. It fails in Cloud Shell, because `https://main.iam.ad.ext.azure.com/` is not a resource supported by Cloud Shell (#8912, #14230).
  4. It doesn't support sovereign clouds (#9942).

Describe the solution you'd like

Migrate `https://main.iam.ad.ext.azure.com/` to Microsoft Graph.

Describe alternatives you've considered

Remove `az ad app permission admin-consent` and replace it with fine-grained `az ad app permission grant` and https://github.com/Azure/azure-cli/issues/22768.

Additional context

yonzhan commented 1 month ago

Thank you for opening this issue, we will look into it.