Fix: move write guardrail before table extraction + test 8-table JOIN depth

- Moved write statement check (INSERT/UPDATE/DELETE) before
  _extract_logical_table() so users get the clear 'SQL endpoint is
  read-only' error instead of confusing 'no FROM clause' ValueError
- Live-tested JOIN depth: 8-table JOINs confirmed working on Aurora VM
- Live-tested nested polymorphic: customerid -> account -> owner -> businessunit chain works
- Fixed validate_sql_full.py: lookup existence check (no more 95s waits),
  COUNT assertion relaxed for accumulated data, AttributeOf filter
- 66/66 validation tests passed, 12/12 JOIN depth tests passed
- 756 unit tests passing

Author: Saurabh Badenkal

src/PowerPlatform/Dataverse/data/_odata.py

@@ -964,6 +964,16 @@ def _query_sql(self, sql: str) -> list[dict[str, Any]]:
             raise ValidationError("sql must be a non-empty string", subcode=VALIDATION_SQL_EMPTY)
         sql = sql.strip()
 
+        # Block write statements FIRST (before table extraction, since
+        # UPDATE/INSERT/DELETE don't have FROM clauses)
+        if self._SQL_WRITE_RE.search(sql):
+            raise ValidationError(
+                "SQL endpoint is read-only. Use client.records or "
+                "client.dataframe for write operations "
+                "(INSERT/UPDATE/DELETE are not supported).",
+                subcode=VALIDATION_SQL_WRITE_BLOCKED,
+            )
+
         # Extract logical table name via helper (robust to identifiers ending with 'from')
         logical = self._extract_logical_table(sql)