Review all samples to ensure token caching is used

[Avery-Dunn]

The only sample which still shows the bad pattern of 'make client app -> acquire token -> destroy client app' is device code flow here, all others were fixed some time ago.

However, while only that sample shows 'terrible' cache use, pretty much none of the samples demonstrate good cache use with a good explanation of why the samples do what they do. This is a very critical component for all but the simplest applications, and deserves a lot of attention in samples.

So, action items are probably:

• Show use of the token cache in the device code flow sample
• Ensure all samples have explanations in comments and READMEs explaining how the token cache gets made, how it gets used, and how it can be serialized
  • A clear distinction between proper public client and confidential client apps should be made, with best practices shown for each type

[bgavrilMS]

I would propose the following:

1. Update public client samples to use the public client token cache.
2. Add the "shared token cache" option to MSAL 4J and update client_creds samples to use that
3. Update the web app and web api to use Google Guava cache I created.