Fix up ContainerRegistry Authentication for OCI

Updates the ContainerRegistry authentication logic to work with OCI
compliant registries like `ghcr.io`. The changes skip using the Azure
environment credentials unless the bearer service ends with
`.azurecr.io` as these tokens are only useful for ACR. The Azure
AccessToken to Bearer token exchange is also simplified with an
unecessary step removed.

A new special prefix is used for the username when a credential
represents an Azure AccessToken. This is necessary to ensure that only
these specific types of credentials will use the Azure specific steps
for authentication.

Author: jborean93

.ci/test.yml

@@ -111,7 +111,7 @@ jobs:
         Write-Verbose -Verbose "Setting up secret for Azure Container Registry"
         $azt = Get-AzAccessToken
         $tenantId = $azt.TenantID
-        Set-Secret -Name $tenantId -Secret $azt.Token -Verbose
+        Set-Secret -Name "AzureAccessToken: $tenantId" -Secret $azt.Token -Verbose
         $vstsCommandString = "vso[task.setvariable variable=TenantId]$tenantId"
         Write-Host "sending " + $vstsCommandString
         Write-Host "##$vstsCommandString"