
Update pullsecret checks to include auth tokens and hive checks #653

Draft: wants to merge 2 commits into base: master

Conversation

@nephomaniac commented Jan 23, 2025

This is currently a WIP/POC for initial review.

This attempts to update the existing pull secret validations to include:

  • backplane config/connection validation (prevent working against the wrong cluster)
  • Add OCM account email validation for all checked auths
  • Add OCM auth token validation for all checked auths
  • OCM registry_credentials checks against cluster openshift-config/pull-secret and hive CD pull-secret.
  • OCM access_token checks against cluster openshift-config/pull-secret and hive CD pull-secret.
  • Allow access_token checks to run without impersonation when the tool detects the cluster is owned by the current OCM account/user.
  • Add ability for the util to work with clusters in different OCM environments. This is needed to allow integration and stage cluster testing (Hive always runs in Prod)

Example run...

 ./osdctl -S cluster validate-pull-secret maclarktest --reason "testing osdctl secret validation" --hive-config-path ~/.config/ocm/ocm.prod.json
 
2025/01/23 23:38:25 Using internal clusterID:'2gfms08lnbqhruk1dhr8cfmbl1jlfgoo' for provided clusterID:'maclarktest'
2025/01/23 23:38:25 Found email for cluster's OCM account: ******@********.com
Getting registry_credentials from OCM
Getting the pull-secret in the cluster with elevated permissionsEmail from cluster pull-secret['cloud.openshift.com]: ******@********.com

OCM_SOURCE          AUTH                               NAMESPACE                                    SECRET      ATTR  RESULT
----------          ----                               ---------                                    ------      ____  ______
Account             cloud.openshift.com                openshift-config                             pull-secret email PASS
registry_credential Redhat_registry.connect.redhat.com openshift-config                             pull-secret email PASS
registry_credential Redhat_registry.connect.redhat.com openshift-config                             pull-secret token PASS
registry_credential Redhat_registry.redhat.io          openshift-config                             pull-secret email PASS
registry_credential Redhat_registry.redhat.io          openshift-config                             pull-secret token PASS
registry_credential Quay_quay.io                       openshift-config                             pull-secret email PASS
registry_credential Quay_quay.io                       openshift-config                             pull-secret token PASS
access_token        registry.redhat.io                 openshift-config                             pull-secret token PASS
access_token        registry.redhat.io                 openshift-config                             pull-secret email PASS
access_token        cloud.openshift.com                openshift-config                             pull-secret token PASS
access_token        cloud.openshift.com                openshift-config                             pull-secret email PASS
access_token        quay.io                            openshift-config                             pull-secret token PASS
access_token        quay.io                            openshift-config                             pull-secret email PASS
access_token        registry.connect.redhat.com        openshift-config                             pull-secret token PASS
access_token        registry.connect.redhat.com        openshift-config                             pull-secret email PASS
registry_credential Redhat_registry.connect.redhat.com uhc-staging-2gfms08lnbqhruk1dhr8cfmbl1jlfgoo pull        email PASS
registry_credential Redhat_registry.connect.redhat.com uhc-staging-2gfms08lnbqhruk1dhr8cfmbl1jlfgoo pull        token PASS
registry_credential Redhat_registry.redhat.io          uhc-staging-2gfms08lnbqhruk1dhr8cfmbl1jlfgoo pull        email PASS
registry_credential Redhat_registry.redhat.io          uhc-staging-2gfms08lnbqhruk1dhr8cfmbl1jlfgoo pull        token PASS
registry_credential Quay_quay.io                       uhc-staging-2gfms08lnbqhruk1dhr8cfmbl1jlfgoo pull        email PASS
registry_credential Quay_quay.io                       uhc-staging-2gfms08lnbqhruk1dhr8cfmbl1jlfgoo pull        token PASS
access_token        registry.connect.redhat.com        uhc-staging-2gfms08lnbqhruk1dhr8cfmbl1jlfgoo pull        token PASS
access_token        registry.connect.redhat.com        uhc-staging-2gfms08lnbqhruk1dhr8cfmbl1jlfgoo pull        email PASS
access_token        registry.redhat.io                 uhc-staging-2gfms08lnbqhruk1dhr8cfmbl1jlfgoo pull        token PASS
access_token        registry.redhat.io                 uhc-staging-2gfms08lnbqhruk1dhr8cfmbl1jlfgoo pull        email PASS
access_token        cloud.openshift.com                uhc-staging-2gfms08lnbqhruk1dhr8cfmbl1jlfgoo pull        token PASS
access_token        cloud.openshift.com                uhc-staging-2gfms08lnbqhruk1dhr8cfmbl1jlfgoo pull        email PASS
access_token        quay.io                            uhc-staging-2gfms08lnbqhruk1dhr8cfmbl1jlfgoo pull        token PASS
access_token        quay.io                            uhc-staging-2gfms08lnbqhruk1dhr8cfmbl1jlfgoo pull        email PASS
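
The email and token comparison this PR describes (each OCM registry_credential or access_token checked against the auths in the cluster's openshift-config/pull-secret, one PASS/FAIL row per attribute) is shown below as an added Go example. It is not osdctl's code or part of this PR: the .dockerconfigjson and the OCM expectations are constructed inline, and the names validatePullSecret, expectedAuth, tokenFromAuth and runSample are hypothetical. It goes a little beyond the all-PASS run above by also reporting a wrong email, a rotated-out token and a registry that OCM knows about but the cluster does not carry.

```go
package main

import (
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// authEntry is one registry credential from .dockerconfigjson; Auth is base64("<user>:<token>").
type authEntry struct {
	Auth  string `json:"auth"`
	Email string `json:"email"`
}

// pullSecret mirrors the layout of the openshift-config/pull-secret data.
type pullSecret struct {
	Auths map[string]authEntry `json:"auths"`
}

// expectedAuth is the (hypothetical) OCM view of a credential; Source mirrors the OCM_SOURCE column.
type expectedAuth struct{ Source, Registry, Email, Token string }

// checkResult is one PASS/FAIL row; no secret material is copied into it.
type checkResult struct{ Source, Registry, Attr, Result string }

// tokenFromAuth decodes the docker "auth" field and returns only the token part.
func tokenFromAuth(auth string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(auth)
	if err != nil {
		return "", err
	}
	if user, tok, ok := strings.Cut(string(raw), ":"); ok && user != "" {
		return tok, nil
	}
	return "", fmt.Errorf("auth field is not user:token")
}

// validatePullSecret checks the email and token of every OCM credential against the cluster secret.
func validatePullSecret(secretJSON []byte, expected []expectedAuth) ([]checkResult, error) {
	var ps pullSecret
	if err := json.Unmarshal(secretJSON, &ps); err != nil {
		return nil, fmt.Errorf("parsing pull secret: %w", err)
	}
	var results []checkResult
	for _, exp := range expected {
		entry, ok := ps.Auths[exp.Registry]
		if !ok { // a registry OCM knows about but the cluster lacks is a finding, not a skip
			results = append(results, checkResult{exp.Source, exp.Registry, "present", "FAIL"})
			continue
		}
		emailRes := "FAIL"
		if entry.Email == exp.Email {
			emailRes = "PASS"
		}
		results = append(results, checkResult{exp.Source, exp.Registry, "email", emailRes})
		tokenRes := "FAIL" // constant-time compare: the check must not leak how much of a token matched
		if tok, err := tokenFromAuth(entry.Auth); err == nil &&
			subtle.ConstantTimeCompare([]byte(tok), []byte(exp.Token)) == 1 {
			tokenRes = "PASS"
		}
		results = append(results, checkResult{exp.Source, exp.Registry, "token", tokenRes})
	}
	return results, nil
}

// sampleSecret is a constructed pull secret with one wrong email and one rotated-out token.
func sampleSecret() []byte {
	enc := func(user, token string) string { return base64.StdEncoding.EncodeToString([]byte(user + ":" + token)) }
	b, _ := json.Marshal(pullSecret{Auths: map[string]authEntry{
		"registry.redhat.io":  {Auth: enc("svc", "tok-rhio"), Email: "alice@example.com"},
		"quay.io":             {Auth: enc("svc", "tok-quay"), Email: "old-owner@example.com"},
		"cloud.openshift.com": {Auth: enc("svc", "tok-rotated-out"), Email: "alice@example.com"},
	}})
	return b
}

// runSample validates the constructed secret against a constructed OCM view of what it should hold.
func runSample() ([]checkResult, error) {
	return validatePullSecret(sampleSecret(), []expectedAuth{
		{"registry_credential", "registry.redhat.io", "alice@example.com", "tok-rhio"},
		{"registry_credential", "quay.io", "alice@example.com", "tok-quay"},
		{"access_token", "cloud.openshift.com", "alice@example.com", "tok-current"},
		{"registry_credential", "registry.connect.redhat.com", "alice@example.com", "tok-connect"},
	})
}

func main() {
	results, err := runSample()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("%-20s %-28s %-8s %s\n", "OCM_SOURCE", "AUTH", "ATTR", "RESULT")
	for _, r := range results {
		fmt.Printf("%-20s %-28s %-8s %s\n", r.Source, r.Registry, r.Attr, r.Result)
	}
}
```

Running it prints a table in the same shape as the PR's output, with the quay.io email row, the cloud.openshift.com token row and the registry.connect.redhat.com "present" row marked FAIL. The real tool reads the secret from the cluster (with elevated permissions, as the log above shows) and the expectations from OCM; here both are constructed, and the token values themselves never reach the result rows or the printed table.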

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jan 23, 2025

openshift-ci bot commented Jan 23, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all


openshift-ci bot commented Jan 23, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: nephomaniac
Once this PR has been reviewed and has the lgtm label, please assign devppratik for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
