[Feature Request] ROPC should only be allowed on tenanted authorities #2243
Open
Description
As per discussion with ESTS:
`Frankly, I don’t believe we should support ROPC for MSA. All usages are migration scenarios, and we shouldn’t encourage this anymore. In fact, we should even block ROPC on /common. Tenanted is ok, since admins control their policies, but I would really like to see a bit more of a principled stance from client SDKs. We are phasing out legacy auth everywhere, so eventually we should really cut client support for tenanted endpoints too.
So essentially I would recommend we just block ROPC on /common, /consumers, and /organizations, and then have a plan to phase SDK support out on tenanted endpoints.`
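One way a client could enforce the recommendation above before starting an ROPC request, as an added example that is not part of the original issue or of any SDK's code. The function names, the exception class and the sample authority URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

# Authority aliases the quoted recommendation says to block for ROPC.
NON_TENANTED_ALIASES = frozenset({"common", "consumers", "organizations"})


class RopcNotAllowedError(ValueError):
    """Raised when ROPC is requested against a non-tenanted authority."""


def tenant_segment(authority: str) -> str:
    """Return the lower-cased first path segment of an authority URL."""
    parts = urlsplit(authority.strip())
    if parts.scheme.lower() != "https" or not parts.hostname:
        raise ValueError(f"not an https authority URL: {authority!r}")
    segments = [s for s in parts.path.split("/") if s]
    if not segments:
        raise ValueError(f"authority has no tenant segment: {authority!r}")
    # Decode percent-escapes before comparing, so an escaped alias
    # is treated the same as the plain one.
    return unquote(segments[0]).lower()


def require_tenanted_for_ropc(authority: str) -> str:
    """Return the tenant if ROPC may proceed, otherwise raise."""
    tenant = tenant_segment(authority)
    if tenant in NON_TENANTED_ALIASES:
        raise RopcNotAllowedError(
            f"ROPC is blocked on /{tenant}; use a tenanted authority"
        )
    return tenant


if __name__ == "__main__":
    # Constructed sample authorities (hypothetical tenant name).
    samples = [
        "https://login.microsoftonline.com/contoso.onmicrosoft.com",
        "https://login.microsoftonline.com/common",
        "https://login.microsoftonline.com/Organizations/v2.0/",
        "https://login.microsoftonline.com/%63onsumers",
    ]
    for url in samples:
        try:
            print(url, "-> allowed for tenant", require_tenanted_for_ropc(url))
        except RopcNotAllowedError as exc:
            print(url, "-> blocked:", exc)
```

The check runs on the configured authority before any credentials are sent, so a blocked request fails locally without the username and password leaving the client.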