
Sample instructions should not create a secret in source code #66

Status: Open
johnterickson opened this issue Feb 13, 2021 · 1 comment

johnterickson commented Feb 13, 2021

I followed the instructions here and was surprised that the CLIENT_SECRET was not only written to disk in plain text, but was written to the source code directory in a file that is already tracked by source code.

CatherineOsadciw (Contributor) commented

That code is pulled directly from the Azure portal quickstart for generating a sample web app using MSAL. The full public documentation that has not yet been released for this API specifically includes a warning that this should not be done in production code & offers 2 alternatives, which matches the messaging in the Azure portal when generating a quickstart app.

I could either add the same messaging directly to the README here, allowing the user to choose whatever alternative to secret management is best for them, or diverge from the Azure quickstart default and adjust the code to use an environment variable (currently suggested in the config file comments for all quickstart apps, including this one).
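As an added example (not code from the quickstart or from this repository), the environment-variable alternative mentioned above: a small Python check that rejects a literal CLIENT_SECRET in a tracked config file and resolves the secret from the environment at runtime. The placeholder string and the config layout are assumptions.

```python
import os
import re
from typing import Mapping, Optional

# Values acceptable in a tracked config file: empty, a placeholder such as
# "Enter_the_Client_Secret_Here" (assumed; the quickstart's exact placeholder
# text may differ), an angle-bracket placeholder, or an env-var reference.
_PLACEHOLDER = re.compile(r'^(?:|Enter_the_Client_Secret_Here|<[^>]*>|\$\{?\w+\}?)$')

# Matches assignments like  CLIENT_SECRET = "..."  or  "CLIENT_SECRET": "..."
_ASSIGNMENT = re.compile(r'["\']?CLIENT_SECRET["\']?\s*[:=]\s*["\']([^"\']*)["\']')


def find_hardcoded_secret(config_text: str) -> Optional[str]:
    """Return a literal CLIENT_SECRET value found in config text, or None when the
    value is empty, a placeholder or an env-var reference. Intended as a
    pre-commit check on files that live in the source tree."""
    for match in _ASSIGNMENT.finditer(config_text):
        value = match.group(1)
        if not _PLACEHOLDER.match(value):
            return value
    return None


def load_client_secret(config: Mapping[str, str], env: Mapping[str, str] = None) -> str:
    """Resolve the client secret from the CLIENT_SECRET environment variable,
    refusing to start if the tracked config carries a real value instead."""
    env = os.environ if env is None else env
    if not _PLACEHOLDER.match(config.get("CLIENT_SECRET", "")):
        raise ValueError("CLIENT_SECRET is hardcoded in the config file; move it to the environment")
    secret = env.get("CLIENT_SECRET", "")
    if not secret:
        raise RuntimeError("CLIENT_SECRET environment variable is not set")
    return secret


# Constructed samples: a config with the secret pasted in (weak) and the same
# config with the placeholder left in place (corrected). Not real values.
WEAK_CONFIG = 'CLIENT_SECRET = "not-a-real-secret-0123"\nAUTHORITY = "https://login.microsoftonline.com/common"\n'
SAFE_CONFIG = 'CLIENT_SECRET = "Enter_the_Client_Secret_Here"\nAUTHORITY = "https://login.microsoftonline.com/common"\n'

if __name__ == "__main__":
    print("weak config leaks:", find_hardcoded_secret(WEAK_CONFIG))
    print("safe config leaks:", find_hardcoded_secret(SAFE_CONFIG))
    print(load_client_secret({"CLIENT_SECRET": ""}, env={"CLIENT_SECRET": "from-env"}))
```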
