Add path1 confidential client e2e test driver + fix AADAuthority tenantless check

- Add Path1ConfidentialClient.java: mirrors msal-go path1_confidential/main.go
  - 4 error cases: missing region, /common, /organizations, secret credential
  - Happy path: acquire mTLS PoP token, print binding cert, cache check, downstream call
  - PEM loading with PKCS#1/PKCS#8 auto-detect + bundled test cert fallback
- Add E2ETestRunner.java: dispatcher; routes path1/path2 args to test drivers
- Update Path2ManagedIdentity.java: add static run() method for dispatcher
- Update pom.xml: mainClass → E2ETestRunner, add e2e resources dir
- Fix AADAuthority.isTenantless: now true for both 'common' and 'organizations'
  (was only 'common') so validateMtlsPopParameters catches /organizations correctly
- Add mtls-test-cert.p12 as bundled e2e resource (no PEM files required for error tests)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: Robbie-Microsoft

msal4j-mtls-extensions/pom.xml

@@ -28,7 +28,7 @@
         <dependency>
             <groupId>com.microsoft.azure</groupId>
             <artifactId>msal4j</artifactId>
-            <version>1.23.1</version>
+            <version>1.24.0</version>
         </dependency>
 
         <!-- JNA: calls ncrypt.dll and AttestationClientLib.dll without a compiled JNI DLL -->
@@ -98,6 +98,18 @@
                             </sources>
                         </configuration>
                     </execution>
+                    <execution>
+                        <id>add-e2e-resources</id>
+                        <phase>generate-resources</phase>
+                        <goals><goal>add-resource</goal></goals>
+                        <configuration>
+                            <resources>
+                                <resource>
+                                    <directory>src/e2e/resources</directory>
+                                </resource>
+                            </resources>
+                        </configuration>
+                    </execution>
                 </executions>
             </plugin>
 
@@ -127,7 +139,7 @@
                             </filters>
                             <transformers>
                                 <transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
-                                    <mainClass>com.microsoft.aad.msal4j.mtls.e2e.Path2ManagedIdentity</mainClass>
+                                    <mainClass>com.microsoft.aad.msal4j.mtls.e2e.E2ETestRunner</mainClass>
                                 </transformer>
                             </transformers>
                         </configuration>

msal4j-mtls-extensions/src/e2e/java/com/microsoft/aad/msal4j/mtls/e2e/E2ETestRunner.java

@@ -0,0 +1,70 @@
+// mTLS PoP E2E Test Runner
+//
+// Dispatches to path1 (Confidential Client) or path2 (Managed Identity) based on the
+// first argument.
+//
+// Usage:
+//   java -jar target/msal4j-mtls-extensions-1.0.0-e2e.jar path1 [options]
+//   java -jar target/msal4j-mtls-extensions-1.0.0-e2e.jar path2 [--attest]
+//
+// Run with no arguments or --help for usage.
+
+package com.microsoft.aad.msal4j.mtls.e2e;
+
+import java.util.Arrays;
+
+/**
+ * Entry point for the mTLS PoP end-to-end test suite.
+ * Dispatches to {@link Path1ConfidentialClient} or {@link Path2ManagedIdentity}.
+ */
+public class E2ETestRunner {
+
+    public static void main(String[] args) throws Exception {
+        if (args.length == 0 || "--help".equals(args[0]) || "-h".equals(args[0])) {
+            printUsage();
+            return;
+        }
+
+        String path = args[0].toLowerCase();
+        String[] rest = Arrays.copyOfRange(args, 1, args.length);
+
+        switch (path) {
+            case "path1":
+                Path1ConfidentialClient.run(rest);
+                break;
+            case "path2":
+                Path2ManagedIdentity.run(rest);
+                break;
+            default:
+                System.err.println("Unknown path: " + args[0]);
+                printUsage();
+                System.exit(1);
+        }
+    }
+
+    private static void printUsage() {
+        System.out.println("msal4j mTLS PoP End-to-End Test Runner");
+        System.out.println();
+        System.out.println("Usage:");
+        System.out.println("  java -jar msal4j-mtls-extensions-*-e2e.jar <path> [options]");
+        System.out.println();
+        System.out.println("Paths:");
+        System.out.println("  path1   Confidential Client (SNI certificate, Azure AD app registration)");
+        System.out.println("  path2   Managed Identity (IMDSv2, VBS KeyGuard, Azure VM)");
+        System.out.println();
+        System.out.println("Path 1 options:");
+        System.out.println("  --tenant <tenantId>   Azure AD tenant ID");
+        System.out.println("  --client <clientId>   Azure AD app (client) ID");
+        System.out.println("  --region <region>     Azure region (default: centraluseuap)");
+        System.out.println("  --resource <url>      Downstream resource (default: https://graph.microsoft.com)");
+        System.out.println("  --errors-only         Run only error-case validation (no Azure credentials needed)");
+        System.out.println();
+        System.out.println("Path 2 options:");
+        System.out.println("  --attest              Enable attestation (requires AttestationClientLib.dll on PATH)");
+        System.out.println();
+        System.out.println("Examples:");
+        System.out.println("  java -jar e2e.jar path1 --errors-only");
+        System.out.println("  java -jar e2e.jar path1 --tenant <tid> --client <cid> --region westus2");
+        System.out.println("  java -jar e2e.jar path2 --attest");
+    }
+}