Rework whoami function to remove the need for a WAF rule override

[alismx]

Context: https://github.com/CDCgov/prime-simplereport/pull/3730/files

WAF rule gets triggered for our whoami function. We'd like to update this so that we don't need to use a rule override.

[emmastephenson]

This is a graphQL endpoint, we'll to break this into two pieces to fix.

Suggestions: getUserPermissions, ?

[DanielSass]

Clarifying: based on the PR linked and discussions, the "rework" needed is changing the name of the query. whoami is a unix command and that's why the waf thinks its suspicious