Add more non-interactive authentication modes

[oskarm93]

Is your feature request related to a problem? Please describe.
I am frustrated when trying to run Azure CLI from PowerShell silently.

az login currently supports these non-interactive authentication modes:

• login with user credentials
• login with SP credentials
• login with SP certificate file (PEM only)
• login with system managed identity
• login with user assigned managed identity

I would like to see some more that are mostly applicable to Windows environments.

Describe the solution you'd like

• login with SP certificate coming from a certificate store (Windows only)
• login with an existing access token obtained for the appropriate audience, such as piping Azure PowerShell access token into Azure CLI.
• single sign-on with Windows identity from a domain environment connected to an AAD tenant with ADFS

I don't want to provide any credentials (user credentials or SP ID / Key) via CLI to login silently, because it's the least secure option. However, it's fine if I can't use single sign on if I am stopped by MFA.

Describe alternatives you've considered
We are now trialing login with user assigned managed identity case with preview managed identities.

Additional context
I am trying to call az acr build and az acr repository commands from PowerShell, because Azure PowerShell set of ACR commands is lacking.

[yugangw-msft]

This requires better Windows support from Python. CC @zooba who is working in this area.

[oskarm93]

@yugangw-msft Does the following scenario also require Windows support from Python?

login with an existing access token obtained for the appropriate audience, such as piping Azure PowerShell access token into Azure CLI.

It would greatly simplify our CI scripts in VSTS if we had this feature.

[yonzhan]

add to S164.