feat: collect ECA RoleSeparation

[JonasBK]

Description

Collection of enterpriseCA setting RoleSeparationEnabled

Ticket: BED-4351

Motivation and Context

If this setting is enabled, you cannot perform any CA actions if you have both ManageCA and ManageCertificates permissions. Only CA admins can modify the setting.

We need it for the ESC7 implementation, as some attack narratives require both ManageCA and ManageCertificates and could therefore be blocked by this setting.

More info on the setting: Q: How can I make sure that a given Windows account is assigned only

How Has This Been Tested?

Collection in my lab: 20240426013313_BloodHound.zip

Screenshots (if appropriate):

Types of changes

• [ ] Chore (a change that does not modify the application functionality)
• [ ] Bug fix (non-breaking change which fixes an issue)
• [x] New feature (non-breaking change which adds functionality)
• [ ] Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• [ ] Documentation updates are needed, and have been made accordingly.
• [ ] I have added and/or updated tests to cover my changes.
• [ ] All new and existing tests passed.
• [ ] My changes include a database migration.