Just a simple matter of using the proper scope when talking with CosmosDB, which apparently didn't support token auth when this library was first created.
Also includes some work to bring this up "to code", as it were:
* Tests now test against TokenCredentials for both Storage and CosmosDB (previously they only tested the constructor). Bicep file also now has an example of creating a custom role that contains the privileges needed since Cosmos has its own RBAC.
* Readme and other text all updated to say "Entra ID" instead of AAD
Fixes #21760