
Feat microsoft provider v2 #1424

Draft
afourniernv wants to merge 7 commits into NVIDIA:main from afourniernv:feat-microsoft-provider-v2


Conversation


@afourniernv afourniernv commented May 18, 2026

Summary

Add a Microsoft Agent S2S provider to OpenShell so sandboxed workloads can consume brokered Microsoft runtime tokens without embedding long-lived credentials in the workload. This PR establishes the provider, gateway broker, and sandbox-local token resolver, while keeping the consumer side flexible because current client libraries expose different auth integration surfaces.

Related Issue

Changes

  • Added a new microsoft-agent-s2s provider/profile for Microsoft runtime-agent S2S identity
  • Added gateway-side brokering for audience-specific Microsoft bearer tokens
  • Added sandbox-local token delivery for brokered Microsoft tokens
  • Preserved the existing NAT-compatible token URL contract
  • Added a second direct token resolver request shape for future non-NAT consumers
  • Added provider/policy validation and tests for the new brokered token path

Testing

  • mise run pre-commit passes
  • Unit tests added/updated
  • E2E tests added/updated (if applicable)

Checklist

  • Follows Conventional Commits
  • Commits are signed off (DCO)
  • Architecture docs updated (if applicable)

Design Notes

  • The provider is intentionally scoped to a single identity model: Microsoft runtime-agent / blueprint-based S2S identity with audience-specific short-lived bearer tokens.
  • Delegated / OBO user flows are intentionally out of scope for this PR and should likely live under a separate provider later.
  • The client side is intentionally left as separate lanes because the current consumers do not share a single mature auth contract.
  • NAT already has its own auth-provider abstraction, so the existing NAT-compatible token URL shape is preserved.
  • A365 observability already has a callback/token-resolver seam, so it should be able to consume this provider without an extra OpenShell-specific adapter layer.
  • A365 tooling does not currently expose the same callback seam as observability, so this PR leaves room for wrapper-based integration now and a better upstream callback later.
  • To support those different lanes without coupling the provider to one client, the sandbox resolver now supports both the existing GET-style contract and a direct POST JSON request shape.

Additional Validation

  • cargo test -p openshell-sandbox provider_tokens -- --nocapture
  • Live AKS validation on the refreshed sandbox/supervisor image
  • Verified injected sandbox token envs on the live validation deployment:
    • A365_TOKEN_PROVIDER_URL
    • OPENSHELL_MICROSOFT_AGENT_S2S_TOKEN_PROVIDER_URL
    • OPENSHELL_MICROSOFT_AGENT_S2S_TOKEN_URL
  • Verified the hosted bridge/caddy path still returns the expected 401 Unauthorized smoke response from the sandboxed NAT app

I have read the DCO document and I hereby sign the DCO.
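As an added illustration, not code from this PR or from OpenShell, here is a sandbox-local resolver modelled on the design notes above: it accepts both the GET-style token URL contract and the direct POST JSON request shape, rejects audiences outside the provider policy, and reuses a brokered short-lived token only while it still has life left. The `audience` field name, the `BrokeredToken` shape, the 60 s refresh margin and the `broker` callback are assumptions, not the PR's actual contract.

```rust
use std::collections::HashMap;
/// A brokered token as the gateway hands it to the sandbox (constructed shape, not OpenShell's).
#[derive(Clone, Debug, PartialEq)]
pub struct BrokeredToken { pub audience: String, pub bearer: String, pub expires_at: u64 } // unix secs
/// The two consumer-facing request shapes the PR describes (field name `audience` assumed).
pub enum TokenRequest<'a> {
    GetQuery(&'a str), // query string of the token URL, e.g. "audience=api://example"
    PostJson(&'a str), // direct POST JSON body, e.g. {"audience":"api://example"}
}
/// Pull the requested audience out of either shape; None means a malformed request.
pub fn requested_audience(req: &TokenRequest<'_>) -> Option<String> {
    match req {
        TokenRequest::GetQuery(q) => q
            .split('&')
            .find_map(|kv| kv.strip_prefix("audience=").map(str::to_string)),
        TokenRequest::PostJson(body) => {
            // Minimal single-field extraction; a real resolver would use a JSON parser.
            let rest = body.split_once("\"audience\"")?.1.trim_start().strip_prefix(':')?;
            let (value, _) = rest.trim_start().strip_prefix('"')?.split_once('"')?;
            Some(value.to_string())
        }
    }
}

pub struct Resolver {
    allowed: Vec<String>,                  // provider/policy allow-list of audiences
    cache: HashMap<String, BrokeredToken>, // short-lived tokens keyed by audience
}
impl Resolver {
    pub fn new(allowed: &[&str]) -> Self {
        Resolver { allowed: allowed.iter().map(|a| a.to_string()).collect(), cache: HashMap::new() }
    }

    /// Reject audiences outside policy, reuse a cached token with at least 60 s of life left,
    /// otherwise ask the gateway broker (`broker`, assumed) for a fresh audience-bound token.
    pub fn resolve(&mut self, req: &TokenRequest<'_>, now: u64,
                   broker: &mut dyn FnMut(&str) -> BrokeredToken) -> Result<BrokeredToken, String> {
        let audience = requested_audience(req).ok_or("malformed token request")?;
        if !self.allowed.contains(&audience) {
            return Err(format!("audience not permitted by policy: {audience}"));
        }
        if let Some(tok) = self.cache.get(&audience) {
            if tok.expires_at > now + 60 { return Ok(tok.clone()); }
        }
        let fresh = broker(&audience);
        self.cache.insert(audience, fresh.clone());
        Ok(fresh)
    }
}
```

Both request shapes hit the same policy check and the same cache, so a consumer that only speaks the GET contract and one that posts JSON get identical tokens for the same audience.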


copy-pr-bot Bot commented May 18, 2026

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.


github-actions Bot commented May 18, 2026

All contributors have signed the DCO ✍️ ✅
Posted by the DCO Assistant Lite bot.

Signed-off-by: Alex Fournier <afournier@nvidia.com>
afourniernv force-pushed the feat-microsoft-provider-v2 branch from dd60575 to ef16848 on May 18, 2026 15:32
afourniernv (Author) commented

I have read the DCO document and I hereby sign the DCO.

afourniernv (Author) commented

recheck

afourniernv marked this pull request as draft on May 18, 2026 15:49