✨ implement ListIssues and GetCreatedAt for Azure DevOps

[JamieMagee]

What kind of change does this PR introduce?

(Is it a bug fix, feature, docs update, something else?)

• PR title follows the guidelines defined in our pull request documentation

What is the current behavior?

ListIssues and GetCreatedAt throw an unsupported error

What is the new behavior (if this is a feature change)?**

ListIssues and GetCreatedAt have implementations

• Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

Next step of #4177

Special notes for your reviewer

Azure DevOps doesn't have an official API to retrieve user permissions for a project or a repository. As a stopgap solution, I've defaulted all issue and comment authors to RepoAssociationMember. This is probably a good minimum bar.

The audit log is the best way to retrieve the repository creation date, but this may not be enabled. So I am using the first repository commit as a fallback value.

Does this PR introduce a user-facing change?

For user-facing changes, please add a concise, human-readable release note to
the release-note

(In particular, describe what changes users might need to make in their
application as a result of this pull request.)

implement `ListIssues` and `GetCreatedAt` for Azure DevOps

[JamieMagee]

With these changes the Maintained check now completes

Details

$ env SCORECARD_EXPERIMENTAL=1 go run . --repo dev.azure.com/jamiemagee/jamiemagee/_git/jamiemagee --checks Maintained
Starting [Maintained]
Finished [Maintained]

RESULTS
-------
Aggregate score: 5.0 / 10

Check scores:
|--------|------------|--------------------------------|-----------------------------------------------------------------------|
| SCORE  |    NAME    |             REASON             |                       DOCUMENTATION/REMEDIATION                       |
|--------|------------|--------------------------------|-----------------------------------------------------------------------|
| 5 / 10 | Maintained | 5 commit(s) and 1 issue        | https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained |
|        |            | activity found in the last 90  |                                                                       |
|        |            | days -- score normalized to 5  |                                                                       |
|--------|------------|--------------------------------|-----------------------------------------------------------------------|

[spencerschrock]

can azure have a repository with no commits? These edge cases have been issues for Scorecard on other forges and would cause a panic

[spencerschrock]

these breaks could be returns I think. At least the first one, otherwise it will only break out of the inner loop and keep searching the audit log (if there's more)

[spencerschrock]

is it possible to grab the things we need from this query? or are those details only accessible via GetWorkItems?

[spencerschrock]

you check all your other type assertions, did you mean to here?