feat: Support for storing OAuth token in encrypted keychain

[timoguin]

Describe the feature or problem you’d like to solve

Support encrypted keychains for Linux, Mac, and Windows.

Proposed solution

Instead of storing the CLI application's OAuth token in plaintext, integrate with keychain applications so it stays encrypted.

Additional context

aws-vault uses its own library for interacting with the various keychain applications.

aws-okta also implements the same library to store credentials for both Okta sessions and AWS role sessions.

[jasonkarns]

semi-related to #288

[mislav]

We were eyeing https://github.com/zalando/go-keyring as a potential library to store OAuth in an OS-specific keychain app.

[mislav]

Some notes about more storage mechanisms:

• Go's internal netrc parser
• macOS Keychain API bindings
• Windows Credential Management API bindings

[jmkk]

On Enterprise side, we'd like to +1 this ask.

[djr7C4]

One way of doing this that could be nice is to use a file descriptor. This has the advantage of allowing the user to securely supply the password using any password storage application of their choice (combined with a simple shell script).

This method is used in other applications such as gpg. For example, on Linux/Unix this could look something like
gh --token-fd 3 3<<<"$(program-to-read-token-from-encrypted-password-storage)"

[dsseng]

https://github.com/99designs/keyring library looks applicable for this. It's platform-agnostic.