Add fmi_path parameter to acquire_token_for_client

Adds Federated Managed Identity (FMI) support to ConfidentialClientApplication.acquire_token_for_client(), consistent with WithFMIPath() in MSAL Go and .WithFmiPath() in MSAL .NET.

Usage

import msal

app = msal.ConfidentialClientApplication(
    "your-client-id",
    client_credential={"private_key_pfx_path": "/path/to/cert.pfx", "public_certificate": True},
    authority="https://login.microsoftonline.com/your-tenant-id",
)

result = cca.acquire_token_for_client(
    scopes=["api://resource/.default"],
    fmi_path="SomeFmiPath/FmiCredentialPath",
)

What is included

New optional FMI path parameter on the client credential method — sends the path in the token request body and validates it is a string
Cache key extensibility — tokens acquired with different FMI paths are cached separately using a SHA-256 hash, with the "atext" credential type to match Go and .NET cache key format
Cache isolation — FMI-cached tokens do not interfere with regular client credential calls or with each other
Standard field exclusion — all standard OAuth2 body parameters are excluded from the cache key hash so only non-standard fields like the FMI path differentiate cache entries
Cross-MSAL compatibility — the hash algorithm produces identical output to MSAL Go and MSAL .NET, verified against their test vectors

E2E test

Added E2E test to msid client