Service account auth tokens for gitops workflows

[psFried]

Currently, there's no way to automate the use flowctl because we don't have a non-expiring auth token. The current solution for authenticating flowctl is temporary scaffolding, which needs replaced. The new and improved solution should:

• Allow interactive users to have persistent authentication for flowctl, so that they don't need to copy a new token every day
• Allow non-interactive use of flowctl via GH actions, Gitlab CI/CD, etc
• Allow the control-plane to only issue short-lived JWTs, to reduce the risk of leaked tokens