ACR: Support scope-tokens

[davidkarlsen]

What do you want to improve?

Avoid root-access keys by either using managed identities or scope-tokens.

What is the current behavior?

Docs at https://janus-idp.io/plugins/acr tell to generate access token, but this will have a short-validity period.

What will the new behavior be?

See https://azure.github.io/acr/Token-BasicAuth.html#using-the-token-api, let user define a scope token, and have a backend plugin do the login to keep the token fresh and provide api.