Handle null scopes in MsalAuth.cs more robustly

Ensure that the `scopes` parameter is checked for null before joining its elements into a string. This prevents potential null reference exceptions. Changes are applied when constructing the `cacheKey` and setting the "scope" parameter in the `parameters` dictionary.

Author: MattB-msft

src/libraries/Authentication/Authentication.Msal/MsalAuth.cs

@@ -210,7 +210,12 @@ public async Task<string> GetAgenticUserTokenAsync(string agentAppInstanceId, st
             AssertionHelpers.ThrowIfNullOrWhiteSpace(agentAppInstanceId, nameof(agentAppInstanceId));
             AssertionHelpers.ThrowIfNullOrWhiteSpace(upn, nameof(upn));
 
-            var cacheKey = $"{agentAppInstanceId}/{upn}/{string.Join(";", scopes)}";
+            string k1 = "";
+            if ( scopes != null )
+            {
+                k1 = string.Join(";", scopes);
+            }
+            var cacheKey = $"{agentAppInstanceId}/{upn}/{k1}";
             var value = _agenticTokenCache.Get(cacheKey);
             if (value != null)
             {
@@ -250,11 +255,16 @@ public async Task<string> GetAgenticUserTokenAsync(string agentAppInstanceId, st
             var tokenEndpoint = _connectionSettings.Authority != null 
                 ? $"{_connectionSettings.Authority}/oauth2/v2.0/token"
                 : $"https://login.microsoftonline.com/{_connectionSettings.TenantId}/oauth2/v2.0/token";
-
+            
+            string scp = "";
+            if (scopes != null)
+            {
+                scp = string.Join(" ", scopes);
+            }
             var parameters = new Dictionary<string, string>
             {
                 { "client_id", agentAppInstanceId },
-                { "scope", string.Join(" ", scopes) },
+                { "scope", scp },
                 { "client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer" },
                 { "client_assertion", agentToken },
                 { "username", upn },