[azure-identity] `CertificateCredential` passes `private_key` to MSAL with incorrect type

[jiasli]

• Package Name: azure-identity
• Package Version:
• Operating System:
• Python Version:

Describe the bug
When CertificateCredential builds the client_credential dict and passes it to MSAL, it sets private_key as bytes:

azure-sdk-for-python/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py

Line 169 in 07d1063

client_credential = {"private_key": cert.pem_bytes, "thumbprint": hexlify(cert.fingerprint).decode("utf-8")}

But in MSAL's document, private_key should be a str:

https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/3279f045dc573d8408ddcdf3565e8b16247627be/msal/application.py#L257

                        "private_key": "...-----BEGIN PRIVATE KEY-----... in PEM format",

Its underlying jwt.encode also requires key as str:

It is fortunate that jwt.encode is smart enough to support key as bytes: https://github.com/jpadilla/pyjwt/blob/527fec277e8215a197f8facd3778b359043704ef/jwt/algorithms.py#L336, but this is undocumented behavior and may break unexpectedly.

Expected behavior
azure-identity should strictly follow MSAL's documentation to invoke MSAL.

[github-actions]

Thank you for your feedback. Tagging and routing to the team member best able to assist.