internal: add broken auth header provider

Azure AD applications use login.microsoft.net for token URLs for OAuth
and OpenID Connect. This service expects the OAuth client ID and client
secret in the body of the OAuth exchange request.

Fixes #238

Change-Id: I9cfd46787ebfb27cf2775dd3357eb26e089322a3
Reviewed-on: https://go-review.googlesource.com/47097
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

internal/token.go

@@ -103,6 +103,7 @@ var brokenAuthHeaderProviders = []string{
 	"https://app.box.com/",
 	"https://connect.stripe.com/",
 	"https://graph.facebook.com", // see https://github.com/golang/oauth2/issues/214
+	"https://login.microsoft.net",
 	"https://login.microsoftonline.com/",
 	"https://login.salesforce.com/",
 	"https://oauth.sandbox.trainingpeaks.com/",