Support token binding for public client apps

Open scottaddie opened this issue 2 years ago • 0 comments

Intro: Proof of Possession is intended to ensure that the client that requests a token is the only client that can use the token. This is accomplished by the client generating a key pair and requesting that the public key be included in the issued access token. The client library then generates a wrapper token, signing it with the private key that is known only to it.

Proposal:

  1. Ensure all Azure Identity SDKs are able to call into WAM (this will give RT binding on Windows, for public client). This feature is available in .NET as a preview.
  2. Add API support for using access token binding. This requires the app developer to inform the SDK about the protected API they're about to call (i.e. what the target URL is), and to extract a nonce from 401 and 200 headers.

scottaddie, Sep 27 '22 18:09