fix: Consolidate credential retrieval logic to fix terraform auth

This commit fixes a bug where `atmos terraform plan` and other Terraform commands
failed to use file-based credentials, while `atmos auth whoami` and similar
commands worked correctly. The root cause was duplicate credential retrieval
code across three methods with inconsistent fallback behavior.

## Problem

Three separate code paths retrieved credentials:
1. `GetCachedCredentials` - Had keyring → identity storage fallback ✓
2. `findFirstValidCachedCredentials` - Had fallback logic ✓
3. `retrieveCachedCredentials` - NO fallback (the bug!) ✗

When users authenticated via AWS SSO (credentials in files, not keyring),
Terraform commands would fail because only `retrieveCachedCredentials` was
used in that code path, and it didn't have fallback logic.

## Solution

Extracted a shared `retrieveCredentialWithFallback` method that implements
the single source of truth for credential retrieval. All three code paths
now delegate to this method, ensuring consistent behavior:

- Tries keyring cache first (fast path)
- Falls back to identity storage if not in keyring (slow path)
- Provides detailed logging and error handling

## Changes

- Added `retrieveCredentialWithFallback()` method (38 lines)
- Refactored `GetCachedCredentials()` (40% code reduction)
- Refactored `findFirstValidCachedCredentials()` (57% code reduction)
- Refactored `retrieveCachedCredentials()` (now uses shared method)
- Fixed `TestManager_GetCachedCredentials_Paths` to use proper test data

## Result

✅ All three credential retrieval paths now behave identically
✅ Terraform commands work with file-based credentials
✅ ~110 lines of duplicate code eliminated
✅ All tests pass
✅ Regression test included to prevent this class of bug

Fixes the issue where Terraform commands failed with valid session credentials.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: osterman