Misleading error message when login with wrong user

[mmartin24]

Issue

When performing login with an inexisting or wrong user, the error message always outputs as cause the password.
For example:

epinio login -u wrong-user https://epinio.192.168.16.3.omg.howdoi.website

🚢  Login to your Epinio cluster [https://epinio.192.168.16.3.omg.howdoi.website]
Password: 

⚠️  Certificate signed by unknown authority

|     KEY     |      VALUE      |
|-------------|-----------------|
| Issuer Name | CN=epinio-ca    |
| Common Name | epinio-ca       |
| Expiry      | 2024-January-04 |

Do you want to trust it (y/n): y

✔️  Trusting certificate for address https://epinio.192.168.16.3.omg.howdoi.website...

❌  error verifying credentials: error while connecting to the Epinio server: wrong password

---

Perhaps we could:

• Change the output message to something that also points to username as a possible error cause like:
  error verifying credentials: error while connecting to the Epinio server: wrong username or password
• Search if that user exists first and handle the error towards username error or password error accordingly

Test environment

Platform: k3s
Kubernetes Version: v1.25.4+k3s1
Epinio Server Version: v1.10.0-15-g47ee6f4e
Epinio Client Version: v1.10.0-15-g47ee6f4e

[andreas-kupries]

Search if that user exists first and handle the error towards username error or password error accordingly

That gives the attacker information, i.e. enabling separate search for a valid user before then having a go at the password.
Better to always claim wrong user or password.