Description
For kiota clients to support continuous access evaluation (CAE), the request adapter needs to pass token invalidation information (the claims challenge carried by a 401 response) to the authentication provider, which in turn passes it to the access token provider so that a fresh token satisfying the challenge can be acquired.
Todo
- update the authenticate request method of the authentication provider to accept an optional property bag parameter
- update the get access token method of the access token provider to accept an optional property bag parameter
- update the base bearer token authentication provider to pass this property bag through to the access token provider
- update the base bearer token implementation to always replace/update the access token on a request information object instead of no-op'ing when one is already present (otherwise the retry would re-send the token that was just rejected)
- update the request adapter implementation to read the claims value of the WWW-Authenticate response header upon receiving a 401 response, call authenticate request again with that value in the property bag parameter, and then retry the request (a single retry; a second 401 is returned to the caller rather than looping)
- update the azure identity access token provider implementation to take the claims value of the WWW-Authenticate response header from the property bag, when passed, and use it in the token acquisition context
- seek to the beginning of the stream before retrying if the request has a request body; if the body is not seekable, don't retry
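The whole flow described by the todo list, as an added example that is not kiota's own code: a minimal request adapter, bearer authentication provider and access token provider in plain Python, wired to an in-memory transport that behaves like a resource server issuing a CAE claims challenge. The class and method names, the `CLAIMS_KEY` property-bag key and the sample challenge are assumptions made for this example; only the shape of the `WWW-Authenticate: Bearer ... claims="<base64>"` header follows what Entra ID sends.

```python
import base64
import io
import json
import re
from typing import Any, Callable, Dict, Optional, Tuple

# Property-bag key carrying the decoded claims challenge to the access token provider
# (name chosen for this example; kiota's own key may differ).
CLAIMS_KEY = "claims"
# claims="..." parameter of a Bearer challenge, e.g.
#   WWW-Authenticate: Bearer realm="", error="insufficient_claims", claims="eyJ..."
_CLAIMS_PARAM = re.compile(r'claims="([^"]+)"')
Response = Tuple[int, Dict[str, str], bytes]  # (status, headers, body)


def extract_claims_challenge(www_authenticate: Optional[str]) -> Optional[str]:
    """Decoded claims JSON from a Bearer WWW-Authenticate header, else None.
    Non-Bearer challenges and 401s without claims yield None, so an ordinary
    expired or malformed token never triggers a retry."""
    if not www_authenticate or not www_authenticate.lstrip().lower().startswith("bearer"):
        return None
    match = _CLAIMS_PARAM.search(www_authenticate)
    if match is None:
        return None
    encoded = match.group(1)
    try:  # Entra ID base64-encodes the challenge; it must decode to a JSON object
        decoded = base64.b64decode(encoded + "=" * (-len(encoded) % 4)).decode("utf-8")
        json.loads(decoded)
    except (ValueError, UnicodeDecodeError):
        return None
    return decoded


class RequestInformation:
    """Stand-in for kiota's request information: URL, headers, optional body stream."""
    def __init__(self, url: str, content: Optional[io.IOBase] = None) -> None:
        self.url, self.headers, self.content = url, {}, content


class AccessTokenProvider:
    """Stand-in for the Azure Identity provider; a real one forwards the claims to
    the credential's token request context so Entra ID issues a fresh token."""
    def get_authorization_token(self, url: str, additional_context: Dict[str, Any]) -> str:
        return "token-with-claims" if additional_context.get(CLAIMS_KEY) else "token-initial"


class BaseBearerTokenAuthenticationProvider:
    def __init__(self, provider: AccessTokenProvider) -> None:
        self.provider = provider

    def authenticate_request(self, request: RequestInformation,
                             additional_context: Optional[Dict[str, Any]] = None) -> None:
        token = self.provider.get_authorization_token(request.url, additional_context or {})
        # Always overwrite: a no-op when the header exists would re-send the rejected token
        request.headers["Authorization"] = f"Bearer {token}"


class RequestAdapter:
    def __init__(self, auth: BaseBearerTokenAuthenticationProvider,
                 transport: Callable[[RequestInformation], Response]) -> None:
        self.auth, self.transport = auth, transport

    def send(self, request: RequestInformation) -> Tuple[int, bytes]:
        self.auth.authenticate_request(request)
        status, headers, body = self.transport(request)
        if status != 401:
            return status, body
        claims = extract_claims_challenge(headers.get("WWW-Authenticate"))
        if claims is None:
            return status, body  # plain 401: a new token would not help
        if request.content is not None:
            if not request.content.seekable():
                return status, body  # body already consumed and cannot be replayed
            request.content.seek(0)
        self.auth.authenticate_request(request, {CLAIMS_KEY: claims})
        status, _, body = self.transport(request)
        return status, body  # exactly one retry; a second 401 goes back to the caller


# Constructed challenge in the shape Entra ID sends: base64 of the claims JSON.
SAMPLE_CHALLENGE = base64.b64encode(
    b'{"access_token":{"nbf":{"essential":true,"value":"1604106651"}}}').decode()


def make_fake_transport(with_claims: bool) -> Callable[[RequestInformation], Response]:
    """In-memory server: rejects tokens lacking claims with a CAE challenge (or a
    plain 401 when with_claims is False), otherwise echoes the request body."""
    calls: list = []

    def transport(request: RequestInformation) -> Response:
        body = request.content.read() if request.content is not None else b""
        calls.append((request.headers.get("Authorization"), body))
        if request.headers.get("Authorization") != "Bearer token-with-claims":
            www = (f'Bearer realm="", error="insufficient_claims", claims="{SAMPLE_CHALLENGE}"'
                   if with_claims else 'Bearer error="invalid_token"')
            return 401, {"WWW-Authenticate": www}, b""
        return 200, {}, b"echo:" + body

    transport.calls = calls  # type: ignore[attr-defined]
    return transport


class NonSeekableStream(io.BytesIO):
    def seekable(self) -> bool:  # models a network stream that cannot be rewound
        return False


def run_scenarios() -> Dict[str, Tuple[int, bytes, int]]:
    """(status, body, attempts) per scenario."""
    results = {}
    for name, with_claims, stream in (("seekable", True, io.BytesIO(b'{"k":1}')),
                                      ("non_seekable", True, NonSeekableStream(b'{"k":1}')),
                                      ("no_challenge", False, io.BytesIO(b'{"k":1}'))):
        transport = make_fake_transport(with_claims)
        adapter = RequestAdapter(BaseBearerTokenAuthenticationProvider(AccessTokenProvider()), transport)
        status, body = adapter.send(RequestInformation("https://graph.microsoft.com/v1.0/me", stream))
        results[name] = (status, body, len(transport.calls))
    return results
```

The three scenarios in `run_scenarios` cover the cases the todo list calls out: a seekable body is rewound and the retry succeeds after one extra round trip, a non-seekable body is not replayed (the server already consumed it) so the 401 surfaces to the caller, and a 401 without a `claims` parameter is left alone because acquiring a new token would not fix it.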
Testing instructions
Check your tenant is enabled
If you have an older tenant, check whether you need to migrate it to get the new security defaults.
If you have a new tenant, or once you have migrated, the new default policies should apply.
A good way to check for this is to see whether the access tokens being delivered are valid for more than an hour: CAE-capable tokens are issued with a much longer lifetime than the default one hour, which you can verify by comparing the token's exp and iat claims.
Revoke the sessions
You can call the revoke sign-in sessions endpoint to revoke all current sessions for a given user. It takes a couple of minutes to kick in, but requests made with a delegated context for that user should then start getting 401s back.
Another way to check for this would be to reset the user's password.
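A small helper for the token lifetime check in the testing instructions, added here as an example rather than taken from the project. It decodes a JWT's payload without verifying the signature, which is fine for inspecting a token you just received but must never be used to accept a token; the sample token it builds is constructed and unsigned, and the one-hour threshold is the heuristic from the instructions above.

```python
import base64
import json
from typing import Any, Dict


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64url padding; restore it before decoding
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_payload(token: str) -> Dict[str, Any]:
    """Claims of a compact JWS, WITHOUT signature verification (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def token_lifetime_seconds(token: str) -> int:
    """exp - iat, the lifetime the token was issued with."""
    claims = jwt_payload(token)
    return int(claims["exp"]) - int(claims["iat"])


def looks_cae_enabled(token: str) -> bool:
    """Heuristic from the testing instructions: non-CAE tokens live about an hour,
    CAE-capable tokens are issued with a much longer lifetime."""
    return token_lifetime_seconds(token) > 3600


def make_sample_token(lifetime_seconds: int, issued_at: int = 1_700_000_000) -> str:
    """Constructed, unsigned sample token; the signature segment is a placeholder."""
    def enc(obj: Dict[str, Any]) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "none", "typ": "JWT"}
    payload = {"aud": "https://graph.microsoft.com", "iat": issued_at,
               "nbf": issued_at, "exp": issued_at + lifetime_seconds}
    return f"{enc(header)}.{enc(payload)}.sig"
```

Paste a real access token into `looks_cae_enabled` to confirm the tenant is handing out long-lived, CAE-capable tokens before you start revoking sessions; if it still reports one-hour tokens, the tenant migration has not taken effect yet.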