It would be useful for the CLI authenticated state to display the currently authenticated user's email address in auth login and auth whoami output.
Context
The CLI can currently resolve and display the active workspace after login, for example:
│ status: signed in
│ workspace: Prismanauts
For users, it would be clearer if the output could also show which Prisma account is signed in:
│ status: signed in
│ user: user@example.com
│ workspace: Prismanauts
Email seems like the best display value because it is recognizable to humans and acts as the platform user identifier.
Current limitation
The current OAuth flow uses the documented Management API scopes:
workspace:admin offline_access
Trying to request openid email is rejected by the auth server with invalid_scope, and the current Management API/SDK surface does not expose a userinfo, current user, or GET /v1/me endpoint that the CLI can call after login.
That means the CLI can only show the email if the issued token already includes an email-like claim. When it does not, the CLI has no reliable public source for the authenticated user's email.
Proposed capability
Add a supported way for the CLI to resolve the authenticated user's email, for example one of:
- include an email claim in the OAuth access token used by the CLI
- support an OAuth/OIDC userinfo flow for the CLI client
- expose a Management API endpoint such as GET /v1/me
Once available, the CLI can display the authenticated user consistently in both human output and --json auth state.
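The fallback described under "Current limitation" (show the email only when the issued token already carries an email-like claim) could look like the sketch below. This is an added example, not code from the Prisma CLI or from the issue author. It assumes the access token may be a JWT, and the claim names and the helper names (emailForDisplay, renderAuthState, makeToken) are hypothetical.

```javascript
// Display-only lookup of an email-like claim in an OAuth access token.
// Assumptions: the token may be a JWT; the claim names are guesses, not
// documented claims. Control characters are rejected (terminal output).
const CANDIDATE_CLAIMS = ["email", "preferred_username"];
const EMAIL_SHAPE = /^[^\s@\x00-\x1f\x7f]+@[^\s@\x00-\x1f\x7f]+$/;

function decodeJwtPayload(token) {
  if (typeof token !== "string") return null;
  const parts = token.split(".");
  if (parts.length !== 3) return null; // opaque token: nothing to read
  if (!/^[A-Za-z0-9_-]+$/.test(parts[1])) return null;
  try {
    const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
    return payload && typeof payload === "object" && !Array.isArray(payload) ? payload : null;
  } catch {
    return null; // not JSON: treat as "no claim available"
  }
}

// Returns a string for display, or null. The signature is NOT verified here,
// so the value must never feed an authorization decision.
function emailForDisplay(accessToken) {
  const payload = decodeJwtPayload(accessToken);
  if (!payload) return null;
  for (const name of CANDIDATE_CLAIMS) {
    const value = payload[name];
    if (typeof value === "string" && value.length <= 254 && EMAIL_SHAPE.test(value)) return value;
  }
  return null;
}

// Builds the human-readable auth state; the user line is omitted when unknown.
function renderAuthState(accessToken, workspace) {
  const lines = ["status: signed in"];
  const user = emailForDisplay(accessToken);
  if (user) lines.push(`user: ${user}`);
  lines.push(`workspace: ${workspace}`);
  return lines;
}

// Constructed sample tokens (unsigned placeholders, not real credentials).
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const makeToken = (claims) => `${b64({ alg: "none", typ: "JWT" })}.${b64(claims)}.sig`;
console.log(renderAuthState(makeToken({ sub: "u_123", email: "user@example.com" }), "Prismanauts").join("\n"));
```

Because the payload is read without signature verification, the result is only suitable as a label in whoami-style output; a server-backed source such as the proposed GET /v1/me would remove that limitation.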