Add --auto-sso option to invoke aws-sso-login if necessary

When you run stackctl after your AWS SSO credentials have timed out, you see:

stackctl: ServiceError (ServiceError'
{ _serviceErrorAbbrev = Abbrev {fromAbbrev = "SSO"}
, _serviceErrorStatus = Status {statusCode = 401, statusMessage = "Unauthorized"}
, _serviceErrorHeaders = [("Date","Mon, 22 May 2023 17:56:45 GMT"),("Content-Type","application/json"),("Content-Length","114"),("Connection","keep-alive"),("Access-Control-Expose-Headers","RequestId"),("Access-Control-Expose-Headers","x-amzn-RequestId"),("RequestId","0763ba60-15ca-4fec-9b56-a329844f269d"),("Server","AWS SSO"),("x-amzn-RequestId","0763ba60-15ca-4fec-9b56-a329844f269d")]
, _serviceErrorCode = ErrorCode "Unauthorized"
, _serviceErrorMessage = Just (ErrorMessage {fromErrorMessage = "Session token not found or invalid"})
, _serviceErrorRequestId = Just (RequestId {fromRequestId = "0763ba60-15ca-4fec-9b56-a329844f269d"})
})

The solution is to (re)run aws sso login and try again.

This PR adds some handling for that exception. What it does depends on the --auto-sso option:

always: logs a warning, runs aws sso login for you, then re-runs whatever you were trying to do
never: logs an error and exits non-zero
ask: (the default): logs a warning and prompts before behaving like always

Since this specifically uses Amazonka.SSO.Types._Unauthorized to catch the exception, I don't think it will have any effect on any other authorization errors.

To see the specific tasks where the Asana app for GitHub is being used, see below:
- https://app.asana.com/0/0/1204630169320841

freckle / stackctl

Add --auto-sso option to invoke aws-sso-login if necessary #47