AAD and LocalAuthentication should not be mutually exclusive.

[zyofeng]

Currently if SetAzureTokenCredential is called, then TelemetryClient will include a bearer token when calling AI /v2.1/track endpoint, and even if local authentication is still enabled the endpoint will return 403 unless Metrics publisher role is granted.

This makes it harder to migrate existing apps to AAD because switching from local auth to AAD requires a code change/deployment using SetAzureTokenCredential on top of adding the roles in Azure.

Ideally something similar to Microsoft.Data.SqlClient where we can specify authentication method in the Connectionstring like this and avoid code change that would be great. InstrumentationKey=xxxxxx-xxxx-xxx-xxx-xxxxxxx;IngestionEndpoint=https://xxxxxxxx.in.applicationinsights.azure.com/;LiveEndpoint=https://xxxxxx.livediagnostics.monitor.azure.com/;**Authentication=Active Directory Default**;

Alternatively if we can make local authentication work despite calling SetAzureTokenCredential.