Move debugIntuneCE and prodIntuneCE from BrokerData to AppRegistry as App instances, Fixes AB#3539245 (#3012)

[AB#3539245](https://identitydivision.visualstudio.com/fac9d424-53d2-45c0-91b5-ef6ba7a6bf26/_workitems/edit/3539245)

`debugIntuneCE` and `prodIntuneCE` were defined in `BrokerData` despite
Intune CE (`com.microsoft.intune`) not being a broker app. These belong
in `AppRegistry` alongside other non-broker app identities.

## Changes

- **`BrokerData.kt`**: Removed `debugIntuneCE` and `prodIntuneCE`
companion object entries
- **`AppRegistry.kt`**:
  - Added `INTUNE_CE_PROD` and `INTUNE_CE_DEBUG` as `App` instances
- Updated `DEVICE_REGISTRATION_AUTHORIZED_APPS` to reference the new
entries
- Added `FORCE_BROKER_DISCOVERY_ALLOW_LIST` — a new allow-list set for
force broker discovery:
    - Prod-only path: `setOf(INTUNE_CE_PROD)`
- Debug path (when `getShouldTrustDebugBrokers()` is true): includes
`INTUNE_CE_PROD`, `INTUNE_CE_DEBUG`, `debugMockLtw`, `debugMockCp`,
`debugMockAuthApp`, and `debugBrokerHost`
- Added imports for `INTUNE_APP_PACKAGE_NAME`,
`INTUNE_APP_SHA512_DEBUG_SIGNATURE`,
`INTUNE_APP_SHA512_RELEASE_SIGNATURE`
- **`changelog.txt`**: Added vNext entry for this change

```kotlin
// Before — in BrokerData companion object
val debugIntuneCE = BrokerData(INTUNE_APP_PACKAGE_NAME, INTUNE_APP_SHA512_DEBUG_SIGNATURE, "debugIntuneCE")
val prodIntuneCE  = BrokerData(INTUNE_APP_PACKAGE_NAME, INTUNE_APP_SHA512_RELEASE_SIGNATURE, "prodIntuneCE")

// After — in AppRegistry
val INTUNE_CE_DEBUG = App(nickName = "Intune Company Portal (debug)", packageName = INTUNE_APP_PACKAGE_NAME, signingCertificateThumbprint = INTUNE_APP_SHA512_DEBUG_SIGNATURE)
val INTUNE_CE_PROD  = App(nickName = "Intune Company Portal (prod)",  packageName = INTUNE_APP_PACKAGE_NAME, signingCertificateThumbprint = INTUNE_APP_SHA512_RELEASE_SIGNATURE)

// New — Force Broker discovery allow list
val FORCE_BROKER_DISCOVERY_ALLOW_LIST = if (BrokerData.getShouldTrustDebugBrokers()) {
    buildSet {
        add(INTUNE_CE_PROD); add(INTUNE_CE_DEBUG)
        add(BrokerData.debugMockLtw); add(BrokerData.debugMockCp)
        add(BrokerData.debugMockAuthApp); add(BrokerData.debugBrokerHost)
    }
} else {
    setOf(INTUNE_CE_PROD)
}
```

<!-- START COPILOT CODING AGENT TIPS -->
---

🔒 GitHub Advanced Security automatically protects Copilot coding agent
pull requests. You can protect all pull requests by enabling Advanced
Security for your repositories. [Learn more about Advanced
Security.](https://gh.io/cca-advanced-security)

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: rpdome <19558668+rpdome@users.noreply.github.com>

Author: Copilot

changelog.txt

@@ -1,5 +1,6 @@
 vNext
 ----------
+- [MINOR] Move debugIntuneCE and prodIntuneCE from BrokerData to AppRegistry as App instances (#3012)
 - [MINOR] Remove LruCache from SharedPreferencesFileManager (#2910)
 - [MINOR] Edge TB: Claims (#2925)
 - [PATCH] Update Moshi to 1.15.2 to resolve okio CVE-2023-3635 vulnerability (#3005)

common/src/main/java/com/microsoft/identity/common/internal/apps/AppRegistry.kt

@@ -26,6 +26,9 @@ package com.microsoft.identity.common.internal.apps
 import com.microsoft.identity.common.adal.internal.AuthenticationConstants
 import com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.INTUNE_AOSP_AGENT_DEBUG_SIGNATURE
 import com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.INTUNE_AOSP_AGENT_RELEASE_SIGNATURE
+import com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.INTUNE_APP_PACKAGE_NAME
+import com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.INTUNE_APP_SHA512_DEBUG_SIGNATURE
+import com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.INTUNE_APP_SHA512_RELEASE_SIGNATURE
 import com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.ONE_AUTH_TEST_APP_SIGNATURE
 import com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.SHARED_EDGE_SIGNATURE
 import com.microsoft.identity.common.internal.broker.BrokerData
@@ -97,6 +100,18 @@ object AppRegistry {
         signingCertificateThumbprint = "QfTWFoLyXuOCZ7bMYlMN+la3J3rau5x8p+w2v7vf1gOPiTyIMgdbNDzLaLWhgiC2ioj/hFqk8oZyqdJbFG6G4g=="
     )
 
+    val INTUNE_CE_PROD = App(
+        nickName = "Intune Company Portal (prod)",
+        packageName = INTUNE_APP_PACKAGE_NAME,
+        signingCertificateThumbprint = INTUNE_APP_SHA512_RELEASE_SIGNATURE
+    )
+
+    val INTUNE_CE_DEBUG = App(
+        nickName = "Intune Company Portal (debug)",
+        packageName = INTUNE_APP_PACKAGE_NAME,
+        signingCertificateThumbprint = INTUNE_APP_SHA512_DEBUG_SIGNATURE
+    )
+
     val MSAL_TEST_APP = App(
         nickName = "MSAL Test App",
         packageName = "com.msft.identity.client.sample.local",
@@ -128,14 +143,14 @@ object AppRegistry {
     val DEVICE_REGISTRATION_AUTHORIZED_APPS = buildSet {
         add(BrokerData.prodMicrosoftAuthenticator)
         add(BrokerData.prodCompanyPortal)
-        add(BrokerData.prodIntuneCE)
+        add(INTUNE_CE_PROD)
         add(INTUNE_AOSP_AGENT_PROD)
         if (BrokerData.getShouldTrustDebugBrokers()) {
             add(INTUNE_AOSP_AGENT_DEBUG)
             add(BrokerData.debugBrokerHost)
             add(BrokerData.debugMicrosoftAuthenticator)
             add(BrokerData.debugCompanyPortal)
-            add(BrokerData.debugIntuneCE)
+            add(INTUNE_CE_DEBUG)
         }
     }
 
@@ -153,4 +168,20 @@ object AppRegistry {
             add(MSAL_TEST_APP)
         }
     }
+
+    /**
+     * Apps authorized to trigger force broker discovery.
+     * Debug apps (mock brokers, broker host) are included when debug broker trust is enabled.
+     */
+    @JvmField
+    val FORCE_BROKER_DISCOVERY_ALLOW_LIST = buildSet {
+        add(INTUNE_CE_PROD)
+        if (BrokerData.getShouldTrustDebugBrokers()) {
+            add(INTUNE_CE_DEBUG)
+            add(BrokerData.debugMockLtw)
+            add(BrokerData.debugMockCp)
+            add(BrokerData.debugMockAuthApp)
+            add(BrokerData.debugBrokerHost)
+        }
+    }
 }

common/src/main/java/com/microsoft/identity/common/internal/broker/BrokerData.kt

@@ -171,20 +171,6 @@ data class BrokerData(
 
         )
 
-        @JvmStatic
-        val debugIntuneCE = BrokerData(
-            AuthenticationConstants.Broker.INTUNE_APP_PACKAGE_NAME,
-            AuthenticationConstants.Broker.INTUNE_APP_SHA512_DEBUG_SIGNATURE,
-            "debugIntuneCE"
-        )
-
-        @JvmStatic
-        val prodIntuneCE = BrokerData(
-            AuthenticationConstants.Broker.INTUNE_APP_PACKAGE_NAME,
-            AuthenticationConstants.Broker.INTUNE_APP_SHA512_RELEASE_SIGNATURE,
-            "prodIntuneCE"
-        )
-
         @JvmStatic
         val accountManagerBrokers: Set<String> =
             Collections.unmodifiableSet(object : HashSet<String>() {