Adding client assertion claims

[trwalke]

Fix for #231
This pull request adds support for specifying client assertion claims in the MicrosoftEntraApplicationOptions class, enabling scenarios where custom claims are needed for client authentication via signed JWTs. The changes ensure that these claims are properly handled during object cloning and are exposed in the public API surface across all target frameworks.

MicrosoftEntraApplicationOptions enhancements:

• Added a new property ClientAssertionClaims of type IDictionary<string, string>? to MicrosoftEntraApplicationOptions, allowing users to set custom claims for client assertions. This property includes XML documentation explaining its purpose and usage.
• Updated the copy constructor of MicrosoftEntraApplicationOptions to ensure that ClientAssertionClaims is copied when cloning an instance.

Public API updates:

• Registered the new ClientAssertionClaims property in the public API files for all supported frameworks, making it available to consumers.

Testing improvements:

• Extended the CloneClonesAllProperties unit test to verify that ClientAssertionClaims is correctly cloned and preserved in downstream API options. [1] [2]# {PR title}

• You've read the Contributor Guide and Code of Conduct.
• You've included unit or integration tests for your change, where applicable.
• You've included inline docs for your change, where applicable.
• There's an open issue for the PR that you are making. If you'd like to propose a new feature or change, please open an issue to discuss the change or find an existing issue.

Summary of the changes (Less than 80 chars)

Description

{Detail}

Fixes #{bug number} (in this specific format)

[jmprieur]

Some of the tests are incorrect (probably testing a previous attempt)
Aside

There can be cases where the claims in the signed assertion is per request, right @bgavrilMS ? For instance the Fmi path in the case of Agent identies?

What is the scenario for the signed assertions on the app? is it for Ip address etc ?

[trwalke]

Some of the tests are incorrect (probably testing a previous attempt) Aside

There can be cases where the claims in the signed assertion is per request, right @bgavrilMS ? For instance the Fmi path in the case of Agent identies?

What is the scenario for the signed assertions on the app? is it for Ip address etc ?

I am not familiar with Fmi path in the case of Agent identies Does this use MSAL's WithClientClaims? or the standard WithClaims(). MSAL's WithClientClaims() only gets set at the app level along with the certificate they will be used with.

@jmprieur @bgavrilMS @MZOLN

[bgavrilMS]

@trwalke - let's please pause this for a few days. We don't need to ship this the December release of our SDKs.

[bgavrilMS]

Some of the tests are incorrect (probably testing a previous attempt) Aside

There can be cases where the claims in the signed assertion is per request, right @bgavrilMS ? For instance the Fmi path in the case of Agent identies?

What is the scenario for the signed assertions on the app? is it for Ip address etc ?

The scenario is for sending some custom information from client to eSTS when using a Certificate as a credential. Agentic flows do use federated credentials, so they are not affected.