Support Multi-Tenant linked backend #1504

Open
carlin-q-scott opened this issue Jun 25, 2024 · 0 comments
Is your feature request related to a problem? Please describe.
I would like to supply my linked backend, a Container App, with an identifier for it to be able to determine the tenant accessing the backend.

Describe the solution you'd like
The simplest solution is to include the Web App auth token's "typ": "http://schemas.microsoft.com/identity/claims/tenantid" claim in the backchannel principal claims.

Describe alternatives you've considered

  1. Don't use the backchannel by redirecting /api/* to my backend host. This didn't work because I can't use the .referrer variable to set the original request path when using a full URL redirect.
  2. Use an angular environment configuration file to set the backend base path to the container app.
  3. Don't use Static Web App and host my website in Container App. This is what I'm going with because it provides a seamless user experience with a unified auth session.

The first two alternatives aren't great, because while the AAD client is the same for both Web App and Container App, they're different subdomains with their own encryption key, and therefore need separate session cookies. That requires an ajax request from the web app to authenticate with AAD.

Additional context

I'm using a custom azureActiveDirectory IdP configured in the staticwebapp.config.json with the multi-tenant login endpoint provided by AAD. This provides the complete list of claims for the user account, including tenant id and AAD groups.

```json
{
  "auth": {
    "identityProviders": {
      "azureActiveDirectory": {
        "enabled": true,
        "registration": {
          "openIdIssuer": "https://login.microsoftonline.com/common/v2.0"
        }
      }
    }
  }
}
```
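As an added illustration (not code from the issue author or from the Static Web Apps project), here is what the linked backend side of the request looks like. It assumes the backchannel forwards the signed-in user as the `x-ms-client-principal` header, a base64-encoded JSON object whose `claims` array holds `{"typ", "val"}` pairs, and it looks for the tenant-id claim type quoted in the issue. The two principals are constructed samples: one without the tenant claim (the situation the issue describes) and one with it (what the request asks for).

```python
import base64
import json
from typing import Optional

# Claim type quoted in the issue for the tenant id.
TENANT_ID_CLAIM = "http://schemas.microsoft.com/identity/claims/tenantid"

# Assumption: this is the header name the SWA backchannel uses for the principal.
PRINCIPAL_HEADER = "x-ms-client-principal"

# Constructed sample principals (made-up ids, not real tenants or users).
PRINCIPAL_WITHOUT_TID = {
    "identityProvider": "aad",
    "userId": "0123456789abcdef",
    "userDetails": "user@example.com",
    "userRoles": ["anonymous", "authenticated"],
    "claims": [
        {"typ": "name", "val": "Example User"},
        {"typ": "preferred_username", "val": "user@example.com"},
    ],
}

PRINCIPAL_WITH_TID = {
    **PRINCIPAL_WITHOUT_TID,
    "claims": PRINCIPAL_WITHOUT_TID["claims"]
    + [{"typ": TENANT_ID_CLAIM, "val": "11111111-2222-3333-4444-555555555555"}],
}


def encode_principal(principal: dict) -> str:
    """Base64-encode a principal the way the header carries it (used to build test input)."""
    return base64.b64encode(json.dumps(principal).encode("utf-8")).decode("ascii")


def decode_principal(header_value: str) -> dict:
    """Decode the header; tolerate missing base64 padding."""
    padded = header_value + "=" * (-len(header_value) % 4)
    return json.loads(base64.b64decode(padded))


def tenant_id(principal: dict) -> Optional[str]:
    """Return the tenant id claim value, or None if the claim was not forwarded."""
    for claim in principal.get("claims", []):
        if claim.get("typ") == TENANT_ID_CLAIM:
            return claim.get("val")
    return None


def handle_request(headers: dict) -> dict:
    """Minimal backend handler: refuse requests whose tenant cannot be determined."""
    raw = headers.get(PRINCIPAL_HEADER)
    if raw is None:
        return {"status": 401, "reason": "no client principal"}
    principal = decode_principal(raw)
    tid = tenant_id(principal)
    if tid is None:
        # This is the case the issue reports: the backchannel principal has no tenant claim,
        # so a multi-tenant backend cannot scope the request.
        return {"status": 403, "reason": "tenant id claim missing from principal"}
    return {"status": 200, "tenant": tid, "user": principal.get("userId")}


if __name__ == "__main__":
    for label, p in (("without tid", PRINCIPAL_WITHOUT_TID), ("with tid", PRINCIPAL_WITH_TID)):
        print(label, handle_request({PRINCIPAL_HEADER: encode_principal(p)}))
```

One caveat worth keeping in mind with this pattern: the principal header is only trustworthy if the Container App is reachable solely through the Static Web App backchannel. If the backend is also exposed directly, a caller can supply its own `x-ms-client-principal` value, so the backend must validate a token itself rather than trust the header.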