{Profile} az login: Refine error message when tenant is not found

[jiasli]

Description

Resolve #14096

In az login, when --tenant is not a valid GUID, CLI will try to query the tenant information from AAD - Fetch the OpenID Connect metadata document (#10418).

If the tenant is not found, CLI shows error

> az login -t non-existing-tenant.onmicrosoft.com
usage: az login [-h] [--verbose] [--debug] [--only-show-errors]
                [--output {json,jsonc,yaml,yamlc,table,tsv,none}]
                [--query JMESPATH] [--username USERNAME] [--password PASSWORD]
                [--service-principal] [--tenant TENANT]
                [--allow-no-subscriptions] [-i] [--use-device-code]
                [--use-cert-sn-issuer]
az login: error: 'issuer'

This is not intuitive.

This PR exposes the real error message:

> az login -t non-existing-tenant.onmicrosoft.com
Failed to resolve tenant 'non-existing-tenant.onmicrosoft.com'.

Error detail: {"error":"invalid_tenant","error_description":"AADSTS90002: Tenant 'non-existing-tenant.onmicrosoft.com' 
not found. This may happen if there are no active subscriptions for the tenant. Check to make sure you have the correct 
tenant ID. Check with your subscription administrator.\r\nTrace ID: 94a33bd9-6457-4f89-89f2-1b9144120200\r\nCorrelation 
ID: 652bdb39-211a-423c-aadf-95e4c6401159\r\nTimestamp: 2020-07-24 07:57:38Z","error_codes":[90002],
"timestamp":"2020-07-24 07:57:38Z","trace_id":"94a33bd9-6457-4f89-89f2-1b9144120200","correlation_id":
"652bdb39-211a-423c-aadf-95e4c6401159","error_uri":"https://login.microsoftonline.com/error?code=90002"}

Testing Guide

# Valid tenant 
az login -t azuresdkteam.onmicrosoft.com

# Invalid tenant
az login -t non-existing-tenant.onmicrosoft.com

[yonzhan]

add to S173

[mmyyrroonn]

Just want to confirm, is 200 the only valid value?

[jiasli]

I think so, but the doc Fetch the OpenID Connect metadata document never gives a clear confirmation.