@dejanzele dejanzele commented Oct 3, 2025

What type of PR is this?

Feature which adds OIDC refresh token caching in armadactl.

What this PR does / why we need it:

Adds token caching for OIDC auth so you don't have to authenticate in the browser every single time you run armadactl.

Currently it's super annoying - every command opens the browser for auth.
This PR fixes that by securely caching the refresh token in your system keyring (Keychain on macOS, etc).
After you auth once, subsequent commands just work without the browser popup.

The implementation is secure - only uses the OS keyring, never falls back to files.
If there's no keyring available, caching just gets disabled.
Tokens expire after 30 days.

To use it, just add cacheRefreshToken: true to your context in ~/.armadactl.yaml:

contexts:
  my-context:
    cacheRefreshToken: true
    openIdAuth:
      providerUrl: "http://localhost:8180/realms/armada"
      clientId: "armada-server"
      localPort: 8085
      scopes: ["openid", "profile", "email", "offline_access"]

Make sure to add the offline_access scope so that a refresh token is returned from the IdP.

Which issue(s) this PR fixes:

Fixes #4487

Special notes

armadactl MUST be built with CGO_ENABLED=1 for this to work properly.

@dejanzele dejanzele force-pushed the feat/armadactl-cache-token branch from 23e1fda to 13c61aa Compare October 3, 2025 07:40
@dejanzele dejanzele force-pushed the feat/armadactl-cache-token branch from 13c61aa to c35aeb7 Compare October 3, 2025 08:06
@dejanzele dejanzele changed the title add support for caching refresh token in armadactl feat: add support for caching refresh token in armadactl Oct 8, 2025
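
Added example, not code from this PR or from armadactl: a sketch of the behaviour the description lists (keyring-only storage, caching disabled when no keyring is available, 30-day expiry), with stale or corrupt entries purged on read. The `Keyring` interface, the `memKeyring` backend, the `Save`/`Load` names and the token values are hypothetical or constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Keyring is a hypothetical stand-in for an OS keyring client (not armadactl's API).
type Keyring interface {
	Get(key string) string // "" when absent
	Set(key, value string) error
	Delete(key string)
}
type memKeyring map[string]string // constructed in-memory backend so the demo runs offline

func (m memKeyring) Get(k string) string { return m[k] }
func (m memKeyring) Set(k, v string) error { m[k] = v; return nil }
func (m memKeyring) Delete(k string) { delete(m, k) }

const maxAge = 30 * 24 * time.Hour // 30-day lifetime from the PR description

type entry struct {
	Token    string    `json:"token"`
	StoredAt time.Time `json:"stored_at"`
}

// Save writes to the keyring only; a nil keyring disables caching (no file fallback).
func Save(kr Keyring, name, token string, now time.Time) bool {
	b, _ := json.Marshal(entry{token, now})
	return kr != nil && kr.Set(name, string(b)) == nil
}

// Load reports ok=false (caller must re-authenticate) if absent, corrupt or expired.
func Load(kr Keyring, name string, now time.Time) (string, bool) {
	if kr == nil {
		return "", false
	}
	var e entry
	if json.Unmarshal([]byte(kr.Get(name)), &e) != nil || e.Token == "" || now.Sub(e.StoredAt) > maxAge {
		kr.Delete(name) // purge stale or corrupt secrets instead of leaving them behind
		return "", false
	}
	return e.Token, true
}

func main() {
	kr, t0 := memKeyring{}, time.Date(2025, 10, 3, 0, 0, 0, 0, time.UTC)
	fmt.Println(Save(kr, "my-context", "constructed-token", t0), Save(nil, "my-context", "x", t0))
	fmt.Println(Load(kr, "my-context", t0.Add(24*time.Hour)))
	fmt.Println(Load(kr, "my-context", t0.Add(31*24*time.Hour)))
}
```

The point to carry over is that every failure path (no keyring, unreadable entry, expired entry) ends in re-authentication rather than in a weaker storage location.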
Development

Successfully merging this pull request may close these issues.

Armadactl doesn't cache OIDC tokens