`tctl get` / server-side API support for filtering objects

[programmerq]

What would you like Teleport to do?

Introduce functionality for filtering by a pattern or regex for listing or deletion (tctl and also gRPC API), allowing inclusion of search patterns or criteria to select roles.

What problem does this solve?

Currently, it seems there is no way to bulk delete roles that match a specific naming pattern (such as 'dev*' or 'change*') either through the tctl command-line tool or the gRPC API. Users trying to delete multiple roles cannot do so efficiently and have to rely on deleting individual roles manually or writing scripts without native support.

This enhancement would make it easier for administrators to manage large sets of roles, especially for operations such as clean-up or restructuring.

More specifically, this was requested by a user who has thousands of roles. They are running into this bug: https://github.com/gravitational/teleport/issues/36523 That is preventing the listing of roles on this cluster, and they'd like to clean them up.

If a workaround exists, please include it.

At the moment, the only workaround seems to be a manual deletion of each role or a custom script that individually processes role deletions.

[zmb3]

Note: some of the listing commands do support server side filtering via the --query param, so it sounds like this request is just to add --query to tctl get (and possibly tctl rm).