TPT-4175: cli: Update interactive config token access check

[mgwoj]

📝 Description

AM Users wont have access to /profile/grants so we need to come up with a new way to check the access level of an account so it can add auth users.

✔️ How to Test

make test-unit

[Copilot]

Pull request overview

This PR updates the CLI’s token “full access” check used during interactive configuration to avoid failing hard when /profile/grants is inaccessible (notably for IAM-enrolled users).

Changes:

• Update _check_full_access to treat HTTP 403 from /profile/grants as a non-fatal response and interpret it as “not full access”.
• Add unit tests covering _check_full_access behavior for 204/200/403 responses.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
linodecli/configuration/auth.py	Adjusts response handling for /profile/grants to allow 403 without exiting.
tests/unit/test_configuration.py	Adds unit tests verifying _check_full_access return values for key status codes.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Treating a 403 from /profile/grants as a non-fatal response makes _check_full_access return False for IAM-enrolled users. In CLIConfig.configure() this value gates the /account/users lookup, so IAM users will never be offered authorized_users selection even if they otherwise have the needed account permissions. If the intent is to still support configuring authorized users for IAM tokens, consider falling back to a different capability check (e.g. attempt /account/users with a status_validator for 401/403) or decouple the authorized-users prompt from _check_full_access when the grants endpoint is inaccessible.

[lgarber-akamai]

@jriddle-linode Thoughts on this? I can't seem to reproduce the issue that requires this change but I might not be properly enrolled in IAM