TrimarcJake / Locksmith

A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.
https://github.com/TrimarcJake/Locksmith
Other
901 stars 89 forks

Updated ESC4 Remediations To Be More Flexible #140

Closed TrimarcJake closed 4 months ago

TrimarcJake commented 4 months ago

This should close #126 by doing the following:

  1. If the Mode is not 0 or 2 AND an ESC4 is detected, Locksmith will ask a couple simple questions to determine the best course of remediation.
    • Does the principal administer this template?
    • (If the granted rights are GenericAll) Does the principal need to Enroll/AutoEnroll?
  2. The answers to those questions will update the "Fix" attribute with one of the following options:
    • Marks the issue as not needing remediation.
    • Leaves basic remediation unchanged
    • Removes GenericAll and restores Enroll
    • Removes GenericAll and restores AutoEnroll
    • Removes GenericAll and restores Enroll + AutoEnroll
    • Removes GenericAll and restores nothing

github-actions[bot] commented 4 months ago

🦙 MegaLinter status: ⚠️ WARNING

| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| ⚠️ COPYPASTE | jscpd | yes | | 19 | 1.99s |
| ⚠️ EDITORCONFIG | editorconfig-checker | 17 | | 1 | 0.25s |
| ⚠️ MARKDOWN | markdownlint | 5 | | 15 | 0.59s |
| ⚠️ MARKDOWN | markdown-link-check | 5 | | 8 | 3.57s |
| ✅ MARKDOWN | markdown-table-formatter | 5 | | 0 | 0.29s |
| ⚠️ POWERSHELL | powershell | 12 | | 9 | 16.37s |
| ✅ POWERSHELL | powershell_formatter | 12 | | 0 | 13.38s |
| ⚠️ REPOSITORY | checkov | yes | | 1 | 11.47s |
| ✅ REPOSITORY | gitleaks | yes | | no | 0.53s |
| ✅ REPOSITORY | git_diff | yes | | no | 0.03s |
| ✅ REPOSITORY | grype | yes | | no | 15.69s |
| ✅ REPOSITORY | secretlint | yes | | no | 0.87s |
| ✅ REPOSITORY | trivy | yes | | no | 5.15s |
| ✅ REPOSITORY | trivy-sbom | yes | | no | 1.37s |
| ✅ REPOSITORY | trufflehog | yes | | no | 7.96s |
| ⚠️ SPELL | cspell | 18 | | 197 | 7.03s |

See detailed report in MegaLinter reports

_Set `VALIDATE_ALL_CODEBASE: true` in mega-linter.yml to validate all sources, not only the diff_

_MegaLinter is graciously provided by OX Security_