Update cli to use firestore token service

[amrit110]

This pull request significantly refactors the onboarding process to improve reliability, user experience, and security. The most important changes are a switch from fetching tokens via Secret Manager to using a dedicated token service, enhanced checks for onboarding status, and improved handling of the .env file. The CLI now provides clearer feedback to users and supports a --force option for re-onboarding.

Authentication and Token Fetching:

• Replaced the fetch_token_from_secret_manager method with fetch_token_from_service, which retrieves a fresh Firebase token from a Cloud Run token service using authenticated identity tokens, ensuring tokens are always up-to-date and reducing dependency on Secret Manager. [1] [2] [3]

Onboarding Status and User Experience:

• Added check_onboarded_status utility and integrated it into the CLI to check Firestore for existing onboarding status, allowing the CLI to skip redundant onboarding steps unless --force is specified. [1] [2]
• Introduced a --force flag to the CLI to allow users to re-onboard even if already marked as onboarded. [1] [2]

Environment File Handling:

• Added validate_env_file utility and related CLI logic to check if the .env file is present and complete before proceeding, providing clear instructions to the user and avoiding unnecessary steps if the environment is already set up. [1] [2]

Testing Improvements:

• Updated the integration test runner to use pytest via the Python module interface for improved test execution consistency.

Code Quality and Minor Fixes:

• Cleaned up imports (removed unnecessary type ignore, reordered), and improved function signatures for clarity and maintainability. [1] [2] [3] [4] [5]