[FEATURE] Add `cogsol-admin credentials-setup` command to configure tenant credentials for CLI usage

[rsastre]

Problem Statement

Currently, using framework CLI commands such as migrate or testing an agent requires the user to manually discover, copy, and configure tenant credentials (e.g., client_id, client_secret, and tenant api_key) in an ad-hoc way (often via .env).

We want a consistent onboarding path where the CLI can validate that credentials exist before allowing actions that require them.

Proposed Solution (v1: Manual credentials setup)

Introduce a new CLI command:

• cogsol-admin credentials-setup

Expected behavior

1. When executed, the command prints a short onboarding message for users who don’t yet have tenant credentials, pointing them to an onboarding page (example):

• “If you don’t have tenant credentials yet, go to onboarding.cogsol.ai to obtain them.”
  • Note: please consider updating the onboarding flow messaging to explicitly mention that it also provides the credentials required to use CogSol Framework and the CLI, since users may arrive here from the framework/CLI setup flow.

2. The command then prompts the user to enter:

• client_id
• client_secret
• tenant_api_key (API key that identifies the tenant)

3. The CLI saves these values in a local configuration file used by cogsol-admin.

4. Any command that requires authenticated access must check whether credentials are configured before running:

• If credentials are missing, the command must fail fast with a clear message:

  • “Credentials are not configured. Run cogsol-admin credentials-setup first.”

Storage and config

• Default: store credentials at the user level for the CLI (e.g., in an OS-appropriate config path).
• Optional: allow loading from .env.
• Implementation should avoid printing secrets to stdout/logs.

Security Notes (v1)

• Store secrets using the safest feasible approach for the initial version (at minimum, ensure restricted file permissions).
• Provide a way to clear credentials: cogsol-admin logout or cogsol-admin clear-credentials.

Future Improvements (v2: Web login + Device Authorization Flow)

In a follow-up iteration, replace manual input with a web-based login flow:

• cogsol-admin login opens the browser to authenticate the user.
• The CLI obtains the required credentials/tokens automatically (Device Authorization Flow or equivalent).
• Reduces manual copy/paste and improves security by avoiding long-lived secrets in local config.