Closed
Description
(This should perhaps belong to the oxide.rs repo. Please move as appropriate.)
Now that access tokens have generated ids that are used as the identifier in access token view/delete operations (introduced in #8227), it becomes hard to relate them with credentials.toml. For example, in the list token API response, the user sees only the tokens that haven't expired:
```
$ oxide --profile recovery api /v1/me/access-tokens
{
  "items": [
    {
      "id": "6feec54c-6e3a-4c1a-9f82-8acd7a0ef249",
      "time_created": "2025-06-05T04:28:42.946403Z",
      "time_expires": null
    }
  ],
  "next_page": "eyJ2IjoidjEiLCJwYWdlX3N0YXJ0Ijp7InNvcnRfYnkiOiJpZF9hc2NlbmRpbmciLCJsYXN0X3NlZW4iOiI2ZmVlYzU0Yy02ZTNhLTRjMWEtOWY4Mi04YWNkN2EwZWYyNDkifX0="
}
```
But credentials.toml currently doesn't include the token id (and expired tokens aren't automatically removed from the file). So, it's possible that the user sees more tokens here:
```toml
[profile.recovery]
host = "https://recovery.sys.berlin.eng.oxide.computer"
token = "oxide-token-935212d5e41079cf0bcfc9ec84c0f8f7c09aac6b"
user = "8a705181-8afe-4604-86d6-06f4b5fac6e9"

[profile.recovery2]
host = "https://recovery.sys.berlin.eng.oxide.computer"
token = "oxide-token-c0187754418f8112ddf00b4767f546288f215ed8"
user = "8a705181-8afe-4604-86d6-06f4b5fac6e9"
```
When a user wants to remove an expired token from the toml file, or even to confirm which one should be used for certain requests, it's easy to make a mistake.