Handle client certificate rotation for token binding

[christothes]

Contributing to the Azure SDK

Please see our CONTRIBUTING.md if you are not familiar with contributing to this repository or have questions.

For specific information about pull request etiquette and best practices, see this section.

[Copilot]

Pull Request Overview

This PR implements support for client certificate rotation in the Azure.Core transport layer to enable dynamic token binding scenarios. The changes allow transport instances to be updated with new certificate configurations at runtime without requiring full pipeline reconstruction.

Key Changes:

• Added UpdateTransport method to HttpPipelineTransport base class and implementations in HttpClientTransport and HttpWebRequestTransport
• Introduced ISupportsTransportCertificateUpdate interface for policies that need to trigger transport updates
• Extended AccessToken with a BindingCertificate property for Proof of Possession (PoP) scenarios
• Added comprehensive test coverage for certificate rotation scenarios (rotating from empty, rotating from existing cert)

Reviewed Changes

Copilot reviewed 17 out of 17 changed files in this pull request and generated 13 comments.

Show a summary per file

File	Description
sdk/core/Azure.Core/src/Pipeline/Internal/ISupportsTransportUpdate.cs	New internal interface for policies that support transport certificate updates via event subscription
sdk/core/Azure.Core/src/Pipeline/HttpPipelineTransport.cs	Added virtual UpdateTransport method to base transport class with default NotSupportedException
sdk/core/Azure.Core/src/Pipeline/HttpClientTransport.cs	Implemented UpdateTransport with support for client and handler factories, using volatile field and Interlocked for thread-safety
sdk/core/Azure.Core/src/Pipeline/HttpWebRequestTransport.cs	Implemented UpdateTransport using Interlocked.Exchange for thread-safe configuration updates
sdk/core/Azure.Core/src/Pipeline/HttpPipeline.cs	Added subscription to ISupportsTransportCertificateUpdate events in constructors to enable transport updates
sdk/core/Azure.Core/src/Pipeline/HttpPipelineTransportOptions.cs	Added internal Clone method for creating copies of transport options during updates
sdk/core/Azure.Core/src/AccessToken.cs	Added BindingCertificate property and constructor overload to support token binding with client certificates
sdk/core/Azure.Core/tests/TransportFunctionalTests.cs	Added two new test methods for certificate rotation scenarios plus code formatting improvements
sdk/core/Azure.Core/tests/PipelineTestBase.cs	Extracted GetCertificate helper method and added second test certificate constant (Pfx2)
sdk/core/Azure.Core/tests/HttpPipelineTests.cs	Added test for transport update mechanism with TransportUpdatingPolicy test class
sdk/core/Azure.Core/tests/HttpClientTransportFunctionalTest.cs	Removed unused certCallback field
sdk/core/Azure.Core.TestFramework/src/MockTransport.cs	Implemented UpdateTransport to track transport updates in tests
sdk/core/Azure.Core.TestFramework/src/Azure.Core.TestFramework.csproj	Changed from PackageReference to ProjectReference for Azure.Core (likely temporary for testing)
sdk/core/Azure.Core/api/*.cs	Updated API surface files for all target frameworks with new public constructors and methods

[github-actions]

API Change Check

APIView identified API level changes in this PR and created the following API reviews

Azure.Core