
Add support for cert store lookup by subject name#3742

Merged
iNinja merged 1 commit into master from iinglese/add-certificate-lookup-by-subject-name on Mar 3, 2026

Conversation

@iNinja (Contributor) commented Mar 3, 2026

Add support for cert store lookup by subject name

This pull request adds support for loading X.509 certificates from a certificate store by subject name, enhancing the flexibility of certificate selection in Microsoft.Identity.Web. The changes introduce a new certificate source type, implement the corresponding loader, update the core logic to register and use this loader, and add comprehensive tests to ensure correctness and backward compatibility.

Certificate Store Loading by Subject Name:

  • Added a new certificate source type StoreWithSubjectName to the CertificateSource enum, allowing certificates to be selected by subject name substring.
  • Implemented the StoreWithSubjectNameCertificateLoader class to load certificates from the store using a subject name match.
  • Added the static method CertificateDescription.FromStoreWithSubjectName to create certificate descriptions for this new source type.

Core Logic and Registration Updates:

  • Registered the new loader in DefaultCredentialsLoader, ensuring it is available alongside existing loaders.
  • Updated dependency version for MicrosoftIdentityAbstractions to 11.1.0 in Directory.Build.props for compatibility.

Testing and Backward Compatibility:

  • Added and updated unit tests to verify the new loader, its registration, and usage, as well as backward compatibility with loader counts and custom loader scenarios.

Introduce CertificateSource.StoreWithSubjectName and StoreWithSubjectNameCertificateLoader to enable loading X.509 certificates from a store by matching a subject name substring. Add CertificateDescription.FromStoreWithSubjectName factory method. Update DefaultCredentialsLoader to register and use the new loader. Update API surface files and unit tests. Bump Microsoft.Identity.Abstractions to 11.1.0.
@iNinja iNinja requested a review from a team as a code owner March 3, 2026 14:50
@jmprieur (Collaborator) left a comment

What problem does this solve?
Unless I misunderstand, it's already supported in CredentialDescription? And CertificateDescription already has a static method?

If it's really something new, you need to change abstractions first @iNinja

@iNinja (Contributor, Author) commented Mar 3, 2026

> What problem does this solve? Unless I misunderstand, it's already supported in CredentialDescription? And CertificateDescription already has a static method?
>
> If it's really something new, you need to change abstractions first @iNinja

This is addressing a requirement raised by a partner team where they were loading certificates by distinguished name, but in certain environments the certificate failed to load, leading to an outage. They requested to be able to load the certificate based on the subject name, similar to how it was done in ADAL.NET.

We have already introduced this into abstractions, as you mention, here: AzureAD/microsoft-identity-abstractions-for-dotnet#245 @jmprieur

@iNinja iNinja merged commit 9a30121 into master Mar 3, 2026
4 checks passed
@iNinja iNinja deleted the iinglese/add-certificate-lookup-by-subject-name branch March 3, 2026 16:56
@bgavrilMS (Member) commented Mar 4, 2026

> What problem does this solve? Unless I misunderstand, it's already supported in CredentialDescription? And CertificateDescription already has a static method?
>
> If it's really something new, you need to change abstractions first @iNinja

@jmprieur - Problem that it solves: today, the "load by DN" does a full string match on the subject. But it turns out that various cert providers are inconsistent with their DN, sometimes they add things like "OU" or "C" and sometimes they don't. This varies from cloud to cloud too. So a partial subject name loader was proposed.

Abstractions were changed.

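The following C# program is an added example by the editor; it is not code from this pull request or from Microsoft.Identity.Web, and it does not use the new StoreWithSubjectNameCertificateLoader. It uses only System.Security.Cryptography.X509Certificates to show the difference the PR description and bgavrilMS's comment are about: X509FindType.FindBySubjectDistinguishedName compares the whole subject string, so a provider that adds or drops components such as OU or C produces a miss, while X509FindType.FindBySubjectName is a case-insensitive substring match that also returns expired certificates and any other certificate whose subject happens to contain the same text. The four self-signed certificates, their subject names and the Pick helper are constructed for the example and are assumptions, not anything the project ships. Self-signed certificates do not chain to a trusted root, so the example passes validOnly: false and does its own validity filtering; against a real store, validOnly: true additionally filters on chain validity.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class SubjectNameLookupDemo
{
    // Constructed sample certificate (assumption for this example): a self-signed
    // cert with a private key, standing in for what a given provider/cloud issues.
    static X509Certificate2 SelfSigned(string subject, int daysValid)
    {
        using var rsa = RSA.Create(2048);
        var req = new CertificateRequest(subject, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        var now = DateTimeOffset.UtcNow;
        return req.CreateSelfSigned(now.AddDays(-1), now.AddDays(daysValid));
    }

    static void Main()
    {
        // Constructed sample set: same logical identity, different DN shapes, plus
        // an expired copy and an unrelated cert whose subject contains the same text.
        var certs = new X509Certificate2Collection
        {
            SelfSigned("CN=app.contoso.com, OU=Platform, O=Contoso, C=US", 365), // provider adds OU and C
            SelfSigned("CN=app.contoso.com, O=Contoso", 365),                    // provider omits them
            SelfSigned("CN=app.contoso.com, O=Contoso", -5),                     // same subject, already expired
            SelfSigned("CN=app.contoso.com.evil.example, O=Mallory", 365),       // substring collision
        };

        // Full-DN lookup: case-insensitive comparison of the entire subject string.
        // The OU/C variant does not match this query.
        var byDn = certs.Find(X509FindType.FindBySubjectDistinguishedName,
                              "CN=app.contoso.com, O=Contoso", validOnly: false);
        Console.WriteLine($"FindBySubjectDistinguishedName matched {byDn.Count} certificate(s)");

        // Subject-name lookup: case-insensitive substring search over the subject.
        // This also picks up the expired cert and the *.evil.example cert.
        var bySubject = certs.Find(X509FindType.FindBySubjectName, "app.contoso.com", validOnly: false);
        Console.WriteLine($"FindBySubjectName matched {bySubject.Count} certificate(s)");

        var chosen = Pick(bySubject, expectedCn: "app.contoso.com");
        Console.WriteLine($"Selected: {chosen.Subject} (thumbprint {chosen.Thumbprint}, expires {chosen.NotAfter:u})");
    }

    // Narrow a substring hit-list before trusting it: exact CN, private key present,
    // currently within its validity period, newest expiry first. A substring match
    // on its own is not a sufficient selector for a signing credential.
    static X509Certificate2 Pick(X509Certificate2Collection candidates, string expectedCn)
    {
        var now = DateTime.UtcNow;
        var usable = candidates.Cast<X509Certificate2>()
            .Where(c => string.Equals(c.GetNameInfo(X509NameType.SimpleName, forIssuer: false),
                                      expectedCn, StringComparison.OrdinalIgnoreCase))
            .Where(c => c.HasPrivateKey)
            .Where(c => c.NotBefore.ToUniversalTime() <= now && now < c.NotAfter.ToUniversalTime())
            .OrderByDescending(c => c.NotAfter)
            .ToList();

        if (usable.Count == 0)
            throw new InvalidOperationException($"No usable certificate with CN={expectedCn}");
        if (usable.Count > 1)
            Console.WriteLine($"warning: {usable.Count} usable certificates match CN={expectedCn}; using the newest");
        return usable[0];
    }
}
```

Run it with `dotnet run` in a console project targeting a current .NET SDK. The point of Pick is the caveat a caller of a subject-name loader wants: because the match is a substring, anything that can place a certificate in the same store (another application on the host, a misconfigured provisioning job, or an attacker with write access to the store) can produce an extra hit, so pin the CN exactly, require a private key, reject expired entries, and log when more than one candidate survives. Where the issuing provider is consistent, a thumbprint or full-DN lookup remains the tighter selector; the subject-name lookup trades that precision for resilience to the DN variation bgavrilMS describes.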


4 participants