kubeguard / guard

🔑 Kubernetes Authentication & Authorization WebHook Server
https://kubeguard.dev
Apache License 2.0

Implement On-Behalf-Of (OBO) flow #236

Closed weinong closed 4 years ago

weinong commented 4 years ago
  1. On-Behalf-Of (OBO) flow is added for unmanaged Kubernetes (third party, using user-specified AAD applications) as well as Azure Kubernetes Service (which uses the first-party OBO service)
  2. Separated out the token logic from the Get Group logic
  3. Refactored the original login() function into a client-credential flow which follows the new TokenRefresher interface

This implements #131 #235

weinong commented 4 years ago

@krdhruva @tamalsaha can you please take a look?

tamalsaha commented 4 years ago

Thank you to both of you for getting this PR ready, @weinong @karataliu.

Do you need to update anything in the docs? Azure docs are here: https://github.com/appscode/guard/blob/master/docs/guides/authenticator/azure.md

If the docs need any change, can you please open a separate PR against it? Then we can cut a release.

weinong commented 4 years ago

@tamalsaha yes, I will update the doc in a separate PR. Thanks!

weinong commented 4 years ago

@tamalsaha are we OK to merge now?

tamalsaha commented 4 years ago

@weinong, all the pieces are in place. I am going to read over it over the weekend and merge it. Thank you for bearing with me.

tamalsaha commented 4 years ago

We have released https://github.com/appscode/guard/releases/tag/v0.5.0-rc.0