For IAS-only setups, all authentication needs to run through IAS instead of UAA

[rlindner81]

For now pretty much all commands authenticate with getCachedUaaToken(), meaning they do an OAuth Flow with UAA to get a client credentials JWT. But for IAS-only setups this flow should be done with IAS instead.
https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/configure-client-to-call-identity-authentication-token-endpoint-for-client-credentials-flow

But where to get OAuth endpoint and credentials?

  "identity": [
    {
      "binding_guid": "08de919a-5021-4130-86d6-7c906aba37e4",
      "binding_name": null,
      "credentials": {
        "app_tid": "7b20408e-3fe0-4ade-aa2e-ad97baac72e8",
        "authorization_endpoint": "https://awdsp8ef4.accounts400.ondemand.com/oauth2/authorize",
        "btp-tenant-api": "https://api.authentication.sap.hana.ondemand.com",
        "certificate": "...",
        "certificate_expires_at": "2026-02-09T19:53:07Z",
        "clientid": "21ad7bc4-79b2-48a7-8346-6806d385bf15",
        "credential-type": "X509_GENERATED",
        "domain": "accounts400.ondemand.com",
        "domains": [
          "accounts400.ondemand.com",
          "accounts400.cloud.sap"
        ],
        "end_session_endpoint": "https://awdsp8ef4.accounts400.ondemand.com/oauth2/logout",
        "key": "...",
        "url": "https://awdsp8ef4.accounts400.ondemand.com"
      },
      "instance_guid": "f999651e-8c35-467b-822e-518554570a04",
      "instance_name": "afc-ias",
      "label": "identity",
      "name": "afc-ias",
      "plan": "application",
      "provider": null,
      "syslog_drain_url": null,
      "tags": [],
      "volume_mounts": []
    }
  ],

There is a binding with label identity plan application that has the IAS information in a format that is similar the xsuaa binding for UAA.