
Only use managed identity when creating DefaultAzureCredential

Fixed in

EPiServer.CloudPlatform.Cms 1.3.1

(Or a related package)

Created

Nov 30, 2022

Updated

Nov 06, 2023

Area

CMS Core

State

Closed, Acceptance tests pass


Description

On DXP, clients can use KeyVault for data encryption and decryption. There are two ways to authenticate to KeyVault:

  • Environment credentials – TenantId, ClientId and ClientSecret, supplied through environment variables.
  • Managed identity – Clients create an identity object with a name, assign it the relevant roles, and then use that identity to authenticate to KeyVault. Managed identity is now the popular approach because it is simpler to set up than environment credentials. See Managed identity types on the Microsoft website.

Currently, to add data protection for BLOB storage, clients call the AddDataProtectionToBlobStorage() extension method, which instantiates DefaultAzureCredentialOptions. The resulting credential chain covers both environment credentials and managed identity for KeyVault authentication. By default, environment credentials are tried first, and managed identity is only reached afterwards, when the environment credential cannot be used. This is inconvenient for clients, who prefer managed identity (the more modern and popular option) and do not want environment credentials taking precedence over it.

The fix: exclude environment credentials by default so that managed identity is used, by creating the options instance in the extension method as follows:

    new DefaultAzureCredentialOptions
    {
        ExcludeEnvironmentCredential = true
    }
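The following is an added example, not Optimizely's own code, showing the two credential chains side by side and how the corrected options feed into ASP.NET Core data protection. It assumes the Azure.Identity, Azure.Extensions.AspNetCore.DataProtection.Blobs and Azure.Extensions.AspNetCore.DataProtection.Keys packages; the method names, the `userAssignedClientId` parameter and the blob and key URIs are illustrative placeholders, not part of the EPiServer.CloudPlatform.Cms API.

```csharp
// Added example (not Optimizely code). Contrasts the default DefaultAzureCredential
// chain with the chain this issue asks for, and wires the latter into data protection.
using System;
using Azure.Core;
using Azure.Identity;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;

public static class DataProtectionCredentialSetup
{
    // Before the fix: default options. Azure.Identity tries EnvironmentCredential
    // first, so AZURE_TENANT_ID / AZURE_CLIENT_ID / AZURE_CLIENT_SECRET in the app
    // settings take precedence over the site's managed identity.
    public static TokenCredential DefaultChain() =>
        new DefaultAzureCredential(new DefaultAzureCredentialOptions());

    // After the fix: environment credentials are excluded, so the chain goes
    // straight to managed identity. ManagedIdentityClientId is only needed for a
    // user-assigned identity; leave it null for a system-assigned one.
    public static TokenCredential ManagedIdentityChain(string? userAssignedClientId = null) =>
        new DefaultAzureCredential(new DefaultAzureCredentialOptions
        {
            ExcludeEnvironmentCredential = true,
            ManagedIdentityClientId = userAssignedClientId
        });

    // Hypothetical extension method (placeholder name) showing where the
    // corrected credential is used: the same identity persists the key ring to
    // Blob Storage and wraps the keys with a KeyVault key.
    public static IServiceCollection AddDataProtectionWithManagedIdentity(
        this IServiceCollection services,
        Uri keyRingBlobUri,          // e.g. https://<account>.blob.core.windows.net/<container>/keys.xml
        Uri keyVaultKeyIdentifier,   // e.g. https://<vault>.vault.azure.net/keys/<key>
        string? userAssignedClientId = null)
    {
        TokenCredential credential = ManagedIdentityChain(userAssignedClientId);

        services.AddDataProtection()
            .PersistKeysToAzureBlobStorage(keyRingBlobUri, credential)
            .ProtectKeysWithAzureKeyVault(keyVaultKeyIdentifier, credential);

        return services;
    }
}
```

One caveat worth knowing when reasoning about the "before" behaviour: in Azure.Identity the chain only falls through to the next credential when a credential reports itself unavailable (no configuration found). A credential that finds its inputs but fails to authenticate, such as a stale client secret left in the environment variables, throws AuthenticationFailedException and stops the chain, so managed identity would never be tried at all. Excluding the environment credential removes that failure mode as well as the ordering problem. To confirm which credential was actually selected at runtime, enable Azure.Identity's logging through AzureEventSourceListener and look for the DefaultAzureCredential "credential selected" message.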