
Investigate and correct refresh_in behavior #932

@Avery-Dunn

Description


While making changes in #929 and #931, we discovered that the behavior of the silent flow is incorrect when a refresh_in value is set:

  • AcquireTokenSilentSupplier has two main flows, depending on whether or not an account is passed into the silent call
    • If an account is passed in, we look up cached tokens based on account data, and if we find a cached token we check if it needs to be refreshed (and use the refresh token to do so)
    • If no account is passed in, we look for cached tokens based on the assertion, and simply return the cached token if one is present
    • The above behavior has existed since MSAL Java 1.0 (or earlier), and was done because account-based flows are generally the ones which have refresh tokens (OBO is one exception)
  • However, when support for proactive refresh was added this behavior wasn't taken into account for confidential client scenarios, and as a result it appears that refresh_in values are not being honored for those flows
    • refresh_in is checked along with every other refresh reason in a single method, and these checks are only performed if an account is passed into the silent flow

We should investigate the behavior of the silent flow and proactive refresh in confidential client scenarios to confirm this behavior and correct it by either:

  • Refactoring AcquireTokenSilentSupplier to continue handling every scenario in one place, though this has historically led to over-complicated methods in that class which are hard to improve and debug
  • Looking into following MSAL.NET's style of delegating silent call/refresh behavior to each individual Supplier class
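The decision the issue describes, as an added example that is not part of the issue or of MSAL Java's code base. SilentFlow, CachedToken, shouldRefresh and the two acquire* methods are invented names; the point is that the refresh_in check is made in one place that both the account-based and the assertion-based lookup paths pass through, instead of only on the account-based path. The fallback to the still-valid cached token when a proactive refresh fails is an assumption about the intended semantics of refresh_in as a hint rather than an expiry, and the token values and timestamps are constructed sample data.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Optional;
import java.util.function.Supplier;

// Illustrative model only: SilentFlow, CachedToken and shouldRefresh are names invented
// for this example; they are not MSAL Java's AcquireTokenSilentSupplier or its token cache.
final class SilentFlow {

    static final class CachedToken {
        final String value;
        final Instant expiresOn;            // expires_in turned into an absolute instant
        final Optional<Instant> refreshOn;  // refresh_in turned into an absolute instant, if the server sent one

        CachedToken(String value, Instant expiresOn, Optional<Instant> refreshOn) {
            this.value = value;
            this.expiresOn = expiresOn;
            this.refreshOn = refreshOn;
        }

        // expires_in and refresh_in are seconds relative to when the response was received.
        static CachedToken fromResponse(String value, Instant issuedAt, long expiresIn, Long refreshIn) {
            Optional<Instant> refreshOn = refreshIn == null
                    ? Optional.empty()
                    : Optional.of(issuedAt.plusSeconds(refreshIn));
            return new CachedToken(value, issuedAt.plusSeconds(expiresIn), refreshOn);
        }
    }

    // One refresh decision shared by both lookup paths. The bug in the issue is that the
    // equivalent check ran only on the account-based path, so an assertion-based lookup
    // kept returning the cached token until it actually expired.
    static boolean shouldRefresh(CachedToken token, Instant now, boolean forceRefresh) {
        if (forceRefresh) return true;
        if (!now.isBefore(token.expiresOn)) return true;                 // hard expiry
        return token.refreshOn.map(r -> !now.isBefore(r)).orElse(false);  // refresh_in elapsed
    }

    // Assumption about intended semantics: refresh_in is a hint, not an expiry. If the
    // proactive refresh fails while the cached token is still valid, hand back the cached token.
    static String acquireSilently(CachedToken cached, Instant now, boolean forceRefresh,
                                  Supplier<CachedToken> obtainFreshToken) {
        if (!shouldRefresh(cached, now, forceRefresh)) {
            return cached.value;
        }
        try {
            return obtainFreshToken.get().value;
        } catch (RuntimeException tokenEndpointError) {
            if (!forceRefresh && now.isBefore(cached.expiresOn)) {
                return cached.value;
            }
            throw tokenEndpointError;
        }
    }

    // Account-based path: the refresh is a refresh-token redemption.
    static String acquireWithAccount(CachedToken cached, Instant now, boolean forceRefresh,
                                     Supplier<CachedToken> redeemRefreshToken) {
        return acquireSilently(cached, now, forceRefresh, redeemRefreshToken);
    }

    // Assertion-based path (client credentials): no refresh token exists, so the
    // "refresh" is a fresh client-credentials request with the client assertion.
    static String acquireWithAssertion(CachedToken cached, Instant now, boolean forceRefresh,
                                       Supplier<CachedToken> requestWithClientAssertion) {
        return acquireSilently(cached, now, forceRefresh, requestWithClientAssertion);
    }

    public static void main(String[] args) {
        // Constructed sample: a one-hour token carrying a 30-minute refresh_in hint.
        Instant issued = Instant.parse("2024-01-01T00:00:00Z");
        CachedToken token = CachedToken.fromResponse("at-old", issued, 3600, 1800L);
        Instant beforeHint = issued.plus(Duration.ofMinutes(10));
        Instant afterHint = issued.plus(Duration.ofMinutes(40));

        // Before refresh_in elapses: served from cache, no request is made on either path.
        System.out.println(acquireWithAssertion(token, beforeHint, false,
                () -> { throw new AssertionError("no request expected before refresh_in"); }));

        // After refresh_in elapses: the assertion path refreshes too, not only the account path.
        System.out.println(acquireWithAssertion(token, afterHint, false,
                () -> CachedToken.fromResponse("at-new", afterHint, 3600, 1800L)));

        // After refresh_in, token endpoint unreachable: the still-valid cached token is returned.
        System.out.println(acquireWithAccount(token, afterHint, false,
                () -> { throw new RuntimeException("token endpoint unreachable"); }));
    }
}
```

The two acquire* methods differ only in what "refresh" means for their credential type; because both funnel through shouldRefresh, a refresh_in hint on a confidential-client token triggers a new client-credentials request once the hint elapses, which is the behavior the issue reports as missing.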


Labels

  • Bug: Something isn't working, needs an investigation and a fix
  • P2: Normal priority items, should be done after P1
  • confidential-client: For issues related to confidential client apps
  • public-client: For questions/issues related to public client apps
