This requires adding support for certificate-based authentication so that MDS can request "app only" tokens from AAD. Since we're already using ADAL, it shouldn't be too hard to add.
We'll just need to update the Accounts configuration to support storing a private certificate as part of the app details, and then pass that certificate to ADAL when requesting a token.
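
A sketch of the token request described above, added here as an example and not taken from the MDS code base. It assumes ADAL for .NET, a hypothetical `AppAccount` entry that records the certificate's thumbprint, and a private key that stays in the current user's Windows certificate store rather than in the configuration file.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Hypothetical shape of one account entry; not the project's actual configuration type.
public sealed class AppAccount
{
    public string Authority { get; set; }       // e.g. https://login.microsoftonline.com/<tenant-id>
    public string ClientId { get; set; }        // AAD application (client) id
    public string CertThumbprint { get; set; }  // reference to the certificate, not the key itself
}

public static class AppOnlyTokenProvider
{
    // Requests an app-only token: ADAL signs a client assertion with the
    // certificate's private key instead of sending a shared client secret.
    public static async Task<string> GetTokenAsync(AppAccount account, string resource)
    {
        X509Certificate2 cert = LoadCertificate(account.CertThumbprint);
        var context = new AuthenticationContext(account.Authority);
        var credential = new ClientAssertionCertificate(account.ClientId, cert);
        AuthenticationResult result = await context.AcquireTokenAsync(resource, credential);
        return result.AccessToken;
    }

    private static X509Certificate2 LoadCertificate(string thumbprint)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false, because app credentials are often self-signed
            // and would be rejected by chain validation.
            var matches = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (matches.Count == 0)
                throw new InvalidOperationException("Certificate not found: " + thumbprint);
            X509Certificate2 cert = matches[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate has no private key; cannot sign the client assertion.");
            DateTime now = DateTime.Now; // NotBefore/NotAfter are reported in local time
            if (now < cert.NotBefore || now > cert.NotAfter)
                throw new InvalidOperationException("Certificate is outside its validity period.");
            return cert;
        }
    }
}
```

Only the public certificate needs to be uploaded to the AAD app registration; failing early on a missing private key or an expired certificate keeps those cases from surfacing as opaque token errors.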