Analyze test coverage for non-marketplace image sanity checks

[Copilot]

@LiliDeng requested an analysis of which test cases already contain the logic added in this PR for non-marketplace image sanity checks, and which logic is net new.

Analysis Findings

Logic added in this PR (lisa/microsoft/testsuites/sanity/sanitysuite.py):

• IMDS-based marketplace detection: Queries Azure IMDS with retry logic to distinguish marketplace from custom/gallery images based on publisher/offer/sku metadata
• SSH security checks: Validates /root/.ssh/authorized_keys (≤0o600) and /etc/ssh/sshd_config (≤0o644) permissions
• UID 0 validation: Detects multiple UID 0 accounts (only 'root' should have UID 0)
• File integrity checks: Verifies critical system files exist and /etc/shadow has no 'others' permissions
• Conditional execution: Skips all checks for marketplace images, runs only on AITL/gallery images

Existing similar logic in lisa/microsoft/testsuites/core/azure_image_standard.py:

• verify_client_active_interval: SSH ClientAliveInterval config validation
• verify_no_linux_password: /etc/shadow and /etc/passwd parsing, password presence checks

Net new logic not in existing tests:

1. IMDS-based marketplace image detection with retry mechanism
2. Specific file permission threshold validations (authorized_keys ≤0o600, sshd_config ≤0o644)
3. Multiple UID 0 account detection (existing tests parse UID but don't check for duplicates)
4. Marketplace vs non-marketplace conditional execution logic
5. Unified security check suite specifically for non-marketplace images

The existing azure_image_standard.py tests have some overlapping security validations but lack the marketplace detection heuristic and the comprehensive permission-based security posture checks introduced by this PR.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.