PROTO: Add store auth info command

[dmerand]

What

Add shopify store auth info to inspect the locally stored auth state for a store.

The command shows the stored user, scopes, token status, and refresh-token metadata, and supports --json for scripts and agents.

Why

shopify store auth persists useful local state, but there is no CLI surface to inspect it.

That makes it harder to understand which user a stored token belongs to, which scopes were granted, whether the token is expired, and whether missing refresh-token expiry data is a CLI bug or just absent from Shopify's token response.

How

• add a local-only store auth info command
• register store auth as a nested command tree so store auth info is discoverable
• validate stored sessions before returning them so malformed local state is treated as missing auth instead of crashing the info command
• make refresh-token expiry output explicit:
  • not applicable when no refresh token is stored
  • not provided by Shopify when the token response omitted refresh_token_expires_in
• add debug logging when Shopify returns a refresh token without expiry metadata during initial auth or token refresh

Considered

• Hiding the refresh-token-expiry row when expiry is absent. Rejected. Keeping the row visible makes it clear that the CLI has a refresh token but Shopify did not provide expiry metadata.
• Turning store auth into a larger command-group redesign such as store auth login. Deferred. This PR keeps the existing action command and only adds the nested info subcommand.
• Folding auth-info into store/auth.ts. Rejected. The new command is read-only introspection over stored state, so keeping it separate avoids making store/auth.ts own even more concerns.
• Adding broader follow-up surfaces such as store auth list or local logout/clear behavior. Deferred to follow-up work so this PR stays focused on inspection of a single stored auth session.

How to test your changes?

1. Authenticate against a store:

   pnpm shopify store auth --store donaldmerand.myshopify.com --scopes write_products

2. Inspect the stored auth in text mode:

   pnpm shopify store auth info --store donaldmerand.myshopify.com

3. Inspect the stored auth in JSON mode:

   pnpm shopify store auth info --store donaldmerand.myshopify.com --json

4. Confirm the output includes the stored user, scopes, access-token status, and refresh-token fields.
5. If the token response omits refresh-token expiry metadata, confirm the command shows not provided by Shopify rather than unknown.

Measuring impact

How do we know this change was effective? Please choose one:

• n/a - this doesn't need measurement, e.g. a linting rule or a bug-fix
• Existing analytics will cater for this addition
• PR includes analytics changes to measure impact

Checklist

• I've considered possible cross-platform impacts (Mac, Linux, Windows)
• I've considered possible documentation changes

[dmerand]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• PROTO: Add --json to store commands #7186
• PROTO: Add shopify store logout #7185
• PROTO: Add store auth info command #7184 👈 (View in Graphite)
• Make store auth scopes additive #7172 : 1 other dependent PR (#7187 )
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[ryancbahan]

It might be good to start with a flag, eg shopify store auth --info, rather than a command. Easier to deprecate later and i can imagine we might want some sort of info dump for many commands.