Fix cluster switch for multi-identity setups and improve identity UX

[phinze]

Summary

Fixes miren cluster switch failing with "cluster not found in organization" when the
cluster was added with a different local name than its cloud name. The root cause was
that we weren't storing the cluster's cloud XID, forcing a name-based lookup that failed
when names differed.

While investigating, discovered several related UX issues with multi-identity workflows:

• miren login silently overwrote existing identities
• miren logout with multiple identities required --identity flag with no guidance
• miren cluster add required --force for overwrites with no interactive option
• miren config info lumped all leaf configs as "cluster configs"

Changes

• Store cluster XID when adding clusters; use it for permission checks in cluster switch
• Add --force flag to login; prompt interactively when identity exists
• Add identity picker to logout when multiple identities configured
• Add overwrite prompt to cluster add in interactive mode
• Categorize config info output by type (clusters, identities, keys)
• Modernize config load to write leaf configs to clientconfig.d/
• Remove dead code (config_bind.go)

Test plan

• miren login with existing identity prompts for action
• miren logout with multiple identities shows picker
• miren cluster add with existing cluster prompts to overwrite
• miren cluster switch works for clusters with different local vs cloud names
• miren config info shows separate sections for clusters/identities/keys

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request adds an XID field to ClusterConfig and threads cluster XIDs through cluster selection and auto-configuration. It introduces address normalization and TLS certificate extraction helpers, removes the config_bind command, and switches config writes to leaf-based ConfigData via SetLeafConfig. CLI output now categorizes configs into clusters/identities/keys. Interactive UI pickers were added for cluster/identity selection and overwrite prompts; login/logout flows were updated (including a Force option) and cluster XID lookup was optimized to use stored values when present.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@cli/commands/cluster_switch.go`:
- Around line 122-146: The fallback lookup only compares clusterName to c.Name
and c.XID so legacy local entries whose local name differs from the cloud name
still fail; update the fallback in the switch logic (where clusterXID,
fetchAvailableClusters, clusterName, clusters and the loop over for _, c :=
range clusters are used) to also compare the local cluster's API/hostname fields
(e.g. local config's API endpoint or Hostname) against the returned cluster
metadata (c.APIEndpoint, c.Hostname or equivalent) and use that match to set
clusterXID before erroring; ensure you check both normalized hostnames/IPs and
schemes/ports to avoid false negatives.

In `@cli/commands/login.go`:
- Around line 165-177: When handling the "Add new identity" branch around
selected.ID() and ui.PromptForInput, validate the entered newName against
existing identities in the current config (the map/list used to lookup identity
names) before assigning identityName; if newName already exists, return an error
or loop to reprompt (do not silently overwrite). Use the same identity lookup
logic as other code that reads identities (e.g., the config struct or
GetIdentity/HasIdentity helper if present) to check duplicates and provide a
clear message like "identity already exists" or prompt again until a unique name
is provided.

[teresamychu]

woohoo for removing dead code!