Move multi-tenant authentication-supporting code into azure-core #23613
Description
Context: Key Vault currently supports multi-tenant authentication during tenant discovery, in which the home tenant of a resource is returned by the service during challenge authentication. The resource's tenant is included as part of an authorization URI returned by the service -- in KV, this tenant ID is parsed and given to token requests. This allows a user to authorize requests to a resource even if the credential provided to the current client was constructed to authenticate in a different tenant.
Other services want to support this scenario, and the challenge auth flow should be service-agnostic since this is an AAD feature. So, it makes sense to support multi-tenant auth with an azure-core authentication policy instead of having each service use custom code to parse out and use the returned tenant ID. This issue tracks moving relevant code out of KV and into Core to support this.
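The tenant-discovery step described in this issue, sketched as an added example (not code from azure-core or Key Vault): it parses a Bearer challenge, extracts the tenant ID from the authorization URI, and validates it before it is handed to a token request. The header layout, the `authorization`/`authorization_uri` parameter names, the GUID-only tenant check, and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample challenge; header layout and tenant GUID are assumptions.
SAMPLE_CHALLENGE = (
    'Bearer authorization="https://login.microsoftonline.com/'
    '11111111-2222-3333-4444-555555555555", '
    'resource="https://vault.azure.net"'
)

_PARAM = re.compile(r'(\w+)="([^"]*)"')
_TENANT = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def parse_challenge(header: str) -> dict:
    """Split a Bearer challenge into its key="value" parameters."""
    scheme, _, params = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge")
    return {k.lower(): v for k, v in _PARAM.findall(params)}


def tenant_from_challenge(header: str) -> str:
    """Return the tenant ID carried in the challenge's authorization URI."""
    params = parse_challenge(header)
    uri = params.get("authorization") or params.get("authorization_uri")
    if not uri:
        raise ValueError("challenge has no authorization URI")
    parsed = urlparse(uri)
    # The value comes from a server response, so validate before using it.
    if parsed.scheme != "https":
        raise ValueError("authorization URI must use https")
    tenant = parsed.path.strip("/").split("/")[0]
    if not _TENANT.fullmatch(tenant):
        raise ValueError("tenant segment is not a GUID")
    return tenant.lower()


def tenant_for_token_request(header: str, credential_tenant: str) -> str:
    """Use the resource's tenant from the challenge; if the challenge cannot
    be parsed or validated, keep the tenant the credential was built with."""
    try:
        return tenant_from_challenge(header)
    except ValueError:
        return credential_tenant
```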