Add document for disabling token cache encryption

[jiasli]

... So yes, using a token can be helpful but adding a possibility to allow a non encrypted cache flag can be useful as well. MSAL allow this even on Windows why not encrypt by default the token serialization cache and propose a flag to make the local cache not encrypted?

Originally posted by @SCOMnewbie in #28484 (comment)

[azure-client-tools-bot-prd]

Hi @jiasli
Find similar issue #19506.

Issue title	[Enhancement Proposal] Add config option to disable token cache encryption
Create time	2021-09-09
Comment number	4

Possible solution:
As mentioned in that issue, instead of using allow_unencrypted or fallback_to_plaintext and let Azure CLI try its best to encrypt, we should introduce a definitive option like plaintext to force unencrypted token cache, so that complex platform-dependent problems can be bypassed. This has been implemented in #20432 as core.encrypt_token_cache. Additionally, if you want to opt-in to unprotected token cache behavior, you can use the FilePersistence in MSAL EX Python.

---

Please confirm if this resolves your issue.

[yonzhan]

Thank you for opening this issue, we will look into it.

[jiasli]

Allowing disabling token cache encryption was previously discussed in #19506.

Azure CLI does have a config option core.encrypt_token_cache for disabling token cache encryption:

az config set core.encrypt_token_cache=false

However, this feature is still marked as a EXPERIMENTAL and not officially documented:

azure-cli/src/azure-cli-core/azure/cli/core/util.py

Lines 1354 to 1356 in 60035ac

	# EXPERIMENTAL: Use core.encrypt_token_cache=False to turn off token cache encryption.
	# encrypt_token_cache affects both MSAL token cache and service principal entries.
	encrypt = cli_ctx.config.getboolean('core', 'encrypt_token_cache', fallback=fallback)