DuendeSoftware / Samples

Samples for our Products

Consider updating samples and docu with AddOpenIdConnect option DisableTelemetry #183

Closed JeroenBer closed 2 months ago

JeroenBer commented 1 year ago

During penetration testing we got a remark about x-client-SKU and x-client-ver query string parameters exposing information about the used software versions. This might give clues to attackers about which software version is used and they might try known exploits.

The solution was to DisableTelemetry in the OpenIdConnect options. Unfortunately this is not the default. Maybe wise to add this in the sample code and documentation so that people might not overlook this.

```csharp
// Disable x-client-SKU and x-client-ver headers (Security issue)
options.DisableTelemetry = true;
```
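A quick way to confirm the change took effect is to inspect the authorize request the client actually emits (the redirect to the identity provider) and check that no telemetry parameters remain. The following is an added example, not code from the Duende samples or the issue author; the URLs and the parameter values are constructed for illustration, and the check matches only the two parameter names named in the issue.

```python
from urllib.parse import urlsplit, parse_qsl

# Telemetry parameters reported by the pen test; matched case-insensitively.
TELEMETRY_PARAMS = {"x-client-sku", "x-client-ver"}


def find_telemetry_params(authorize_request: str) -> dict:
    """Return {name: value} for telemetry parameters found in an authorize request.

    Accepts either a full redirect URL (parameters in the query string) or a
    bare application/x-www-form-urlencoded body, as used with form_post.
    """
    parts = urlsplit(authorize_request)
    # A bare form body has no scheme, so urlsplit leaves everything in .path.
    encoded = parts.query if parts.scheme else parts.path
    found = {}
    for name, value in parse_qsl(encoded, keep_blank_values=True):
        if name.lower() in TELEMETRY_PARAMS:
            found[name] = value
    return found


def is_telemetry_disabled(authorize_request: str) -> bool:
    """True when the request carries no x-client-SKU / x-client-ver parameter."""
    return not find_telemetry_params(authorize_request)


# Constructed sample redirects (not captured from any real deployment).
BEFORE = (
    "https://idp.example.test/connect/authorize?client_id=web&response_type=code"
    "&scope=openid&redirect_uri=https%3A%2F%2Fapp.example.test%2Fsignin-oidc"
    "&x-client-SKU=EXAMPLE_SKU&x-client-ver=0.0.0.0"
)
AFTER = (
    "https://idp.example.test/connect/authorize?client_id=web&response_type=code"
    "&scope=openid&redirect_uri=https%3A%2F%2Fapp.example.test%2Fsignin-oidc"
)

if __name__ == "__main__":
    for label, url in (("before", BEFORE), ("after", AFTER)):
        leaked = find_telemetry_params(url)
        print(f"{label}: {'clean' if not leaked else 'leaks ' + ', '.join(leaked)}")
```

Capture the Location header of the challenge response (or the auto-submitted form body when AuthenticationMethod is FormPost) and feed it to the check.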
josephdecock commented 1 year ago

Thanks, this is a great suggestion!

josephdecock commented 6 months ago

I think this should mostly be done in the samples repo - most of the time in the documentation we either omit most options or are doing a tutorial where extra options are just distracting.

RolandGuijt commented 2 months ago

I've just completed a series of PRs. All relevant clients now have the flag enabled.