Add support for `up ctp pull-secret create` and require token create output

[hasheddan]

Description of your changes

Restructures alpha level command gating to dynamically hide commands from help based on the branch they are accessed on. This allows for tagging commands such that they can be accessible from multiple branches, but are not shown in the help at maturity levels that differ from their own.

Also updates to hide the usage help on hidden commands, instead encouraging folks to use the variant at the specified maturity level. In the future we will introduce alpha commands and not allow them to be invoked on the main tree, but for now we want to keep existing commands functioning properly even though they are not discoverable.

Signed-off-by: hasheddan georgedanielmangum@gmail.com

Adds a feature package that allows for specifying the maturity level of a command.

Signed-off-by: hasheddan georgedanielmangum@gmail.com

Adds an up ctp pull-secret command which allows a user to create a pull-secret using their profile credentials or a token file.

Signed-off-by: hasheddan georgedanielmangum@gmail.com

Nests the pull secret commands as a subcommand group under controlplane so that they can be expanded in the future as needed.

Signed-off-by: hasheddan georgedanielmangum@gmail.com

Fixes https://github.com/upbound/up/issues/239 Fixes https://github.com/upbound/up/issues/240

I have:

• [x] Read and followed Upbound's contribution process.
• [x] Run make reviewable to ensure this PR is ready for review.
• [ ] Added backport release-x.y labels to auto-backport this PR, as appropriate.

How has this code been tested

Expand for testing

``` 🤖 (up) up --version v0.13.0-rc.0.92.g737bd4a 🤖 (up) up -h Usage: up The Upbound CLI Flags: -h, --help Show context-sensitive help. -v, --version Print version and exit. -q, --quiet Suppress all output. --pretty Pretty print output. Commands: license Print Up license information. login Login to Upbound. logout Logout of Upbound. controlplane (ctp) Interact with control planes. profile Interact with Upbound profiles. organization (org) Interact with organizations. repository (repo) Interact with repositories. robot Interact with robots. uxp Interact with UXP. xpkg Interact with UXP packages. xpls Start xpls language server. alpha Alpha features. Commands may be removed in future releases. Run "up --help" for more information on a command. 🤖 (up) up alpha -h Usage: up alpha Alpha features. Commands may be removed in future releases. Flags: -h, --help Show context-sensitive help. -v, --version Print version and exit. -q, --quiet Suppress all output. --pretty Pretty print output. Commands: alpha controlplane (ctp) Interact with control planes. alpha upbound Interact with Upbound. alpha xpkg Interact with UXP packages. 🤖 (up) up alpha upbound -h Usage: up alpha upbound Interact with Upbound. Flags: -h, --help Show context-sensitive help. -v, --version Print version and exit. -q, --quiet Suppress all output. --pretty Pretty print output. --kubeconfig=STRING Override default kubeconfig path. -n, --namespace="upbound-system" Kubernetes namespace for Upbound ($UPBOUND_NAMESPACE). Commands: alpha upbound install Install Upbound. alpha upbound mail Run a local mail portal. alpha upbound uninstall [] Uninstall Upbound. alpha upbound upgrade Upgrade Upbound. 🤖 (up) up ctp -h Usage: up controlplane (ctp) Interact with control planes. Flags: -h, --help Show context-sensitive help. -v, --version Print version and exit. -q, --quiet Suppress all output. --pretty Pretty print output. --domain=https://upbound.io/ Root Upbound domain ($UP_DOMAIN). --profile=STRING Profile used to execute command ($UP_PROFILE). -a, --account=STRING Account used to execute command ($UP_ACCOUNT). --insecure-skip-tls-verify [INSECURE] Skip verifying TLS certificates ($UP_INSECURE_SKIP_TLS_VERIFY). Commands: controlplane (ctp) pull-secret [] Create a package pull secret. 🤖 (up) up ctp create -h Refusing to emit help for hidden command. See alpha variant. 🤖 (up) up alpha ctp create -h Usage: up alpha controlplane (ctp) create Create a hosted control plane. Arguments: Name of control plane. Flags: -h, --help Show context-sensitive help. -v, --version Print version and exit. -q, --quiet Suppress all output. --pretty Pretty print output. --domain=https://upbound.io/ Root Upbound domain ($UP_DOMAIN). --profile=STRING Profile used to execute command ($UP_PROFILE). -a, --account=STRING Account used to execute command ($UP_ACCOUNT). --insecure-skip-tls-verify [INSECURE] Skip verifying TLS certificates ($UP_INSECURE_SKIP_TLS_VERIFY). -d, --description=STRING Description for control plane. 🤖 (up) up robot list -a dan NAME ID DESCRIPTION CREATED kube-access 69ef268a-2008-4b94-a202-606a39f42027 29h up-test d9386395-8bc0-4864-bcdd-37af69a02cdd 9h 🤖 (up) up robot create cli -a dan dan/cli created 🤖 (up) up robot list -a dan NAME ID DESCRIPTION CREATED kube-access 69ef268a-2008-4b94-a202-606a39f42027 29h cli b92efe20-fb7d-4287-a738-92539cbb2a62 5s up-test d9386395-8bc0-4864-bcdd-37af69a02cdd 9h 🤖 (up) up robot token create cli test -a dan up: error: missing flags: --output=STRING 🤖 (up) up robot token create cli test -a dan -o creds.json dan/cli/test created 🤖 (up) ls | grep creds.json creds.json 🤖 (up) up --version v0.13.0-rc.0.93.gb5b9bb4 🤖 (up) k get secrets -n upbound-system NAME TYPE DATA AGE crossplane-token-nphsq kubernetes.io/service-account-token 3 31h default-token-5jqpj kubernetes.io/service-account-token 3 31h prometheus-token-qww8j kubernetes.io/service-account-token 3 31h rbac-manager-token-2jrsc kubernetes.io/service-account-token 3 31h sh.helm.release.v1.cc-policies-tenant.v1 helm.sh/release.v1 1 31h sh.helm.release.v1.crossplane-tenant.v1 helm.sh/release.v1 1 31h upbound-agent-tls Opaque 3 31h upbound-agent-token-nfd4r kubernetes.io/service-account-token 3 31h upbound-bootstrapper-token-qwln9 kubernetes.io/service-account-token 3 31h upbound-control-plane-token Opaque 1 31h uxp-ca Opaque 3 31h xgql-tls Opaque 3 31h xgql-token-dmjmn kubernetes.io/service-account-token 3 31h 🤖 (up) up ctp pull-secret create WARNING: Using temporary user credentials that will expire within 30 days. upbound-system/package-pull-secret created 🤖 (up) k get secrets -n upbound-system NAME TYPE DATA AGE crossplane-token-nphsq kubernetes.io/service-account-token 3 31h default-token-5jqpj kubernetes.io/service-account-token 3 31h package-pull-secret kubernetes.io/dockerconfigjson 1 3s prometheus-token-qww8j kubernetes.io/service-account-token 3 31h rbac-manager-token-2jrsc kubernetes.io/service-account-token 3 31h sh.helm.release.v1.cc-policies-tenant.v1 helm.sh/release.v1 1 31h sh.helm.release.v1.crossplane-tenant.v1 helm.sh/release.v1 1 31h upbound-agent-tls Opaque 3 31h upbound-agent-token-nfd4r kubernetes.io/service-account-token 3 31h upbound-bootstrapper-token-qwln9 kubernetes.io/service-account-token 3 31h upbound-control-plane-token Opaque 1 31h uxp-ca Opaque 3 31h xgql-tls Opaque 3 31h xgql-token-dmjmn kubernetes.io/service-account-token 3 31h 🤖 (up) k get secrets -n crossplane-system NAME TYPE DATA AGE default-token-lrmlb kubernetes.io/service-account-token 3 31h package-pull-secret kubernetes.io/dockerconfigjson 1 29h provider-aws-6d0d7887a3e8-token-tc58j kubernetes.io/service-account-token 3 28h upbound-oidc Opaque 1 24h 🤖 (up) up ctp pull-secret create cool-pull -n crossplane-system WARNING: Using temporary user credentials that will expire within 30 days. crossplane-system/cool-pull created 🤖 (up) up ctp pull-secret create cool-pull-token -f creds.json -n crossplane-system crossplane-system/cool-pull-token created 🤖 (up) k get secrets -n crossplane-system NAME TYPE DATA AGE cool-pull kubernetes.io/dockerconfigjson 1 18s cool-pull-token kubernetes.io/dockerconfigjson 1 6s default-token-lrmlb kubernetes.io/service-account-token 3 31h package-pull-secret kubernetes.io/dockerconfigjson 1 29h provider-aws-6d0d7887a3e8-token-tc58j kubernetes.io/service-account-token 3 28h ```