The Entra auth implementations for Entra Interactive and Entra Password should use broker when available

[shueybubbles]

Is your feature request related to a problem? Please describe.

Many companies have conditional access policies and other strict limitations on MSAL-based authentication. Without broker, users trying to use ActiveDirectoryPassword are blocked if the customer has any CAPS related to machine state like "domain joined".
Some companies even plan to disable non-broker-based authentication flows to access their resources.

Describe the solution you'd like

The default implementation of the Entra auth flows that can use broker should do so in environments where broker is available.

[HamsterExAstris]

AccessTokenCallback can be used to perform brokered authentication with v5.2.0 or later.

Supporting brokered auth through configuration might make sense for Interactive, but I don't think Password supports it at all.

If it was made the default, there would need to be a way to disable it through configuration. There are scenarios where brokered auth doesn't work. (e.g. when running an application as a different Windows account than the currently logged-in user.)

[paulmedynski]

We have an internal task tracking this already, targeting the MDS 7.0 release. I have linked this issue to it.