Improve UX for slow Windows user lookups

[zmb3]

On AD-joined Windows hosts, tsh can time out due to the fact that when unspecified, --user and --login default to the currently logged in OS-user. This is is reasonable behavior and works well on most systems, but on domain-joined machines it ends up being an expensive network call rather than a local operation.

Original issue at #25014.

We did some work to improve this (see #24156, #25950, #29546, and #35179), but unfortunately we still see support load and customer confusion.

There are a couple problems remaining:

• The solution is to specify --user and --login (or their environment variable equivalents), but the irony is the value of --user is never consulted when using SSO, and most customers are using SSO. In fact, tsh will even print a warning that says that --user is not necessary for SSO logins. This is confusing.
• In order to work around this issue, we require --login to be provided to every command, even if it is not needed. For example, tsh login doesn't really need to know the OS user, that's not required until you tsh ssh.

Let's clean this up. Potential solution: instead of attempting to specify the user/login early, defer it until absolutely necessary. This should make it so that a tsh login with SSO doesn't hang, even on AD.

[webvictim]

This also affects Teleport Connect, and the workarounds of setting TELEPORT_USER and TELEPORT_LOGIN are much harder when using a graphical process. It'd be really nice if these fixes also worked for Teleport Connect!