Allow roleDefinitions in resource ID lint rule

[nkgotcode]

Description

Fixes #19445.

Allows the use-resource-id-functions linter rule to recognize roleDefinitions(...).id as an allowed roleDefinitionId value. This avoids a false positive for the built-in roleDefinitions helper while preserving the existing resource ID validation for other expressions.

Validation:

• PATH="$PWD/../.dotnet:$PATH" DOTNET_ROOT="$PWD/../.dotnet" DOTNET_CLI_TELEMETRY_OPTOUT=1 dotnet build src/Bicep.Core.UnitTests/Bicep.Core.UnitTests.csproj --no-restore
• PATH="$PWD/../.dotnet:$PATH" DOTNET_ROOT="$PWD/../.dotnet" DOTNET_CLI_TELEMETRY_OPTOUT=1 dotnet run --project src/Bicep.Cli -- lint repro-oss-1557/main.bicep

Checklist

• I have read and adhere to the contribution guide.

Microsoft Reviewers: Open in CodeFlow

[nkgotcode]

@microsoft-github-policy-service agree

[nkgotcode]

CLA agreement posted above; confirming here that I agree as an individual contributor.

[anthony-c-martin]

Thanks for fixing this!

[nkgotcode]

The PR compliance job is failing because no docs label is applied: Check for Docs label requires either 📘 Docs Needed or 📘 Docs Not Needed. Could a maintainer apply the appropriate docs label?

[anthony-c-martin]

@nkgotcode there are some test failures - I suspect you probably just need to update baselines. See https://github.com/Azure/bicep/blob/main/CONTRIBUTING.md#updating-test-baselines

[nkgotcode]

Pushed 2687fa6 to update src/Bicep.Core.Samples/Files/baselines/InvalidResources_CRLF/main.diagnostics.bicep so the four use-resource-id-functions baseline diagnostics include roleDefinitions. Verified with dotnet test src/Bicep.Core.IntegrationTests/Bicep.Core.IntegrationTests.csproj --filter "FullyQualifiedName~SemanticModelTests.ProgramsShouldProduceExpectedDiagnostics" --no-restore --logger "console;verbosity=minimal": Passed 3,392, failed 0.