AzureAD/microsoft-identity-web 4.4.0 on GitHub

Add AOT-compatible web API authentication for .NET 10+. See #3705 and #3664.
Propagate long-running web API session key back to callers in user token acquisition. See #3728.
Add OBO event initialization for OBO APIs. See #3724.
Add support for calling WithClientClaims flow for token acquisition. See #3623.
Add OnBeforeTokenAcquisitionForOnBehalfOf event. See #3680.

Throw InvalidOperationException with actionable message when a custom credential is not registered. See #3626.
Fix event firing for InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync. See #3717.
Update OnBeforeTokenAcquisitionForOnBehalfOf to construct ClaimsPrincipal from token. See #3714.
Add a retry counter for acquire token and updated tests with a fake secret. See #3682.
Fix OBO user error handling. See #3712.
Fix override merging for app token (and others). See #3644.
Fix certificate reload logic to only trigger on certificate-specific errors. See #3653.
Update ROPC flow CCA to pass SendX5C to MSAL. See #3671.

Bump qs in /tests/DevApps/SidecarAdapter/typescript. See #3725.
Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See #3730.
Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See #3726.
Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. See #3699.
Update to MSAL 4.81.0. See #3665.

Add documentation for auto-generated session key for long-running OBO session. See #3729.
Improve the Aspire doc article and skills. See #3695.
Add an article and agent skill to add Entra ID to an Aspire app. See #3689.
Fix misleading comment in CertificatelessOptions.ManagedIdentityClientId. See #3667.
Add Copilot explore tool functionality. See #3694.