feat(ske): implement idp flow for kubeconfig login (#1322)

* extract kubeconfig certificate validation

* simplify kubeconfig retrieval

* extract kubeconfig retrieval

* reorder imports

* Split kubeconfig retrieval and output

* replace hardcoded timeout with constant

* implement kubeconfig login --idp flow

* Add tests

* fix test failure if KUBECONFIG environment variable is set

* make retrieval of idp well known config reusable

* optionally initialize IDP_TOKEN_ENDPOINT auth field for service accounts

When activating a service account, clear a possibly stale old value. Add
a separate method to allow commands to request the initialization of the
IDP_TOKEN_ENDPOINT auth field.

* refactor token exchange into auth package

Author: MichaelEischer

docs/stackit_ske_kubeconfig_login.md

@@ -5,8 +5,8 @@ Login plugin for kubernetes clients
 ### Synopsis
 
 Login plugin for kubernetes clients, that creates short-lived credentials to authenticate against a STACKIT Kubernetes Engine (SKE) cluster.
-First you need to obtain a kubeconfig for use with the login command (first example).
-Secondly you use the kubeconfig with your chosen Kubernetes client (second example), the client will automatically retrieve the credentials via the STACKIT CLI.
+First you need to obtain a kubeconfig for use with the login command (first or second example).
+Secondly you use the kubeconfig with your chosen Kubernetes client (third example), the client will automatically retrieve the credentials via the STACKIT CLI.
 
 ```
 stackit ske kubeconfig login [flags]
@@ -15,9 +15,12 @@ stackit ske kubeconfig login [flags]
 ### Examples
 
 ```
-  Get a login kubeconfig for the SKE cluster with name "my-cluster". This kubeconfig does not contain any credentials and instead obtains valid credentials via the `stackit ske kubeconfig login` command.
+  Get an admin, login kubeconfig for the SKE cluster with name "my-cluster". This kubeconfig does not contain any credentials and instead obtains valid admin credentials via the `stackit ske kubeconfig login` command.
   $ stackit ske kubeconfig create my-cluster --login
 
+  Get an IDP kubeconfig for the SKE cluster with name "my-cluster". This kubeconfig does not contain any credentials and instead obtains valid credentials via the `stackit ske kubeconfig login` command.
+  $ stackit ske kubeconfig create my-cluster --idp
+
   Use the previously saved kubeconfig to authenticate to the SKE cluster, in this case with kubectl.
   $ kubectl cluster-info
   $ kubectl get pods
@@ -27,6 +30,7 @@ stackit ske kubeconfig login [flags]
 
 ```
   -h, --help   Help for "stackit ske kubeconfig login"
+      --idp    Use the STACKIT IdP for authentication to the cluster.
 ```
 
 ### Options inherited from parent commands