Purge task fails with 401 after 3 hours on ABAC-enabled registries

[lizMSFT]

Describe the bug
When running acr purge as an ACR Task on an ABAC-enabled registry, the operation fails with HTTP 401 after approximately 3 hours. The ACR refresh token has a 3-hour TTL. The acr-cli's refreshAcrCLIClientToken() only refreshes the short-lived access token using the stored ACR refresh token, when the refresh token itself expires, GetAcrAccessToken returns 401 and there is no recovery path.

Non-ABAC registries are unaffected because they receive a longer self-issued token from the Tasks scheduler.

To Reproduce
Steps to reproduce the behavior:

1. Create an ACR Task with a purge step targeting an ABAC-enabled registry with a large number of images (requiring >3 hours to complete)
2. Run the task
3. After ~3 hours, the task fails with: acr.BaseClient#GetAcrAccessToken: Failure responding to request: StatusCode=401

Expected behavior
The purge operation should complete successfully regardless of duration by renewing the refresh token when it expires.

Any relevant environment information

• acr-cli version: v0.19 (also affects v0.18 and all prior versions)
• Registry: ABAC-enabled
• Task trigger: Timer-triggered scheduled task

Additional context

• Workaround: Split purge into multiple tasks with --filter patterns (each <3hrs), increase --concurrency, or run more frequently to prevent backlog.