Add 'debug auth' command to inspect Docker Desktop JWT

[dgageot]

Add a new 'cagent debug auth' subcommand that fetches the JWT from Docker Desktop, parses its claims, and displays authentication status.

Supports a --json flag for machine-readable output.

Assisted-By: cagent

[docker-agent]

Review Summary

Found 1 critical issue that needs to be addressed.

Critical Issue

• Panic Risk: The token display logic doesn't validate token length, which will cause a panic if the token is shorter than 10 characters.

[docker-agent]

🚨 Index out of bounds panic when token is shorter than 10 characters

This line will panic if info.Token is less than 10 characters long.

The Problem:
When slicing info.Token[len(info.Token)-10:] with a token shorter than 10 characters, the expression len(info.Token)-10 becomes negative, causing a panic. For example, with a 5-character token:

• len(info.Token) = 5
• len(info.Token)-10 = -5
• info.Token[-5:] → panic: negative slice index

Fix:
Validate the token length before slicing:

if len(info.Token) < 20 {
    fmt.Fprintf(w, "Token:      %s\n", info.Token)
} else {
    fmt.Fprintf(w, "Token:      %s...%s\n", info.Token[:10], info.Token[len(info.Token)-10:])
}

While JWTs are typically much longer than 20 characters, edge cases (malformed tokens, test data, etc.) could trigger this panic.