Provide options to override MS authentication flows

[mjcheetham]

At the moment we force users to use a particular Microsoft authentication flow (via MSAL) based on the current environment.

• If there's an interactive session..
  • ..on Windows we use the embedded browser flow.
  • ..on non-Windows..
    • ..with a native UI helper we use that helper.
    • ..without a native UI helper we use the system browser.
• If there's no interactive session we use device code flow.

The user should be free to select the flow they prefer, rather than forcing them to use the one we deem "best". The system browser or device-code flows can be used enable scenarios like FIDO or Windows Hello, which may be desirable.

Visual Studio already offers an option to change the authentication flow.

This can be implemented pretty easily by introduction of a GCM_MSAUTH_FLOW/credential.msAuthFlow or similar setting that is respected by the MicrosoftAuthentication component.

Note: Use of the system browser requires a localhost redirect be set in the AAD configuration. We would need to ensure this was set correctly.