Allow a specific service to be used

[zeroSteiner]

This allows credentials to be reported with explicit services. In order to show up in Metasploit's creds command output, the origin must be a Metasploit::Credential::Origin::Service or Metasploit::Credential::Origin::Session instance, an Mdm::Service can't be used. I think this is because it needs to be associated with a module too which is fine, mo info mo betta. This does however complicate the pattern where a module has a service that it has reported, then it's obtained a credential from that service such as a certificate from MS-ICPR or AD CS Web Enrollment. In that case, the Mdm::Service object could be passed as the origin but then the information is omitted from the creds command. This allows a caller to pass the Mdm::Service as the :service argument, and when it is it's used instead of taking the opts to create a new service instance.

If a :service_id is specified, it takes precedence. Ultimately, it's the ID that's used to create the Metasploit::Credential::Origin::Service instance.

[Copilot]

Pull request overview

This PR updates the credential origin creation flow to allow callers to explicitly bind a credential origin to an existing Mdm::Service (or a :service_id), improving how service-associated creds surface in creds output by ensuring origins are Metasploit::Credential::Origin::Service.

Changes:

• Extend create_credential_origin_service to accept :service (and :service_id) to reuse an existing service instead of always creating one.
• Prefer :service_id (or :service.id) when creating Metasploit::Credential::Origin::Service, falling back to create_credential_service only when needed.
• Update method documentation to mention the new :service option.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.