Return a friendlier error when no scopes are specified

[chlowell]

Token acquisition methods require a []string of scopes but don't require it to contain values. If it's empty, the method will request a token for default scopes "openid offline_access profile" and return an error from AAD like

{error":"invalid_scope","error_description":"AADSTS1002012: The provided value for scope
openid offline_access profile is not valid. Client credential flows must have a scope value 
with /.default suffixed to the resource identifier (application ID URI)...}

Is there a scenario in which requesting these default scopes gets a useful token? If not, please consider returning a friendlier error to callers who don't specify a scope.

[element-of-surprise]

#403

[element-of-surprise]

Change merged, closing this out.