@EyalDelarea EyalDelarea commented Apr 1, 2025

  • All tests passed. If this feature is not already covered by the tests, I added new tests.
  • I used npm run format for formatting the code before submitting the pull request.

✅ What’s Changed

🔁 Simplified OIDC Token Exchange Logic

The action now leverages the JFrog CLI’s native support for --oidc-token-id, which accepts a GitHub-issued OIDC token.
This removes the need for manual API calls to /oidc/token, reducing complexity and improving maintainability.

🧼 Refactored Credential Resolution

The getJfrogCredentials() logic is now cleaner and more intuitive:

  • If oidc-provider-name is provided → fetch and inject GitHub OIDC token.
  • Otherwise → fall back to existing mechanisms:
    • JF_ACCESS_TOKEN
    • JF_USER + JF_PASSWORD

✅ OIDC Validation Checks

The action now enforces:

  • Minimum CLI version: OIDC requires CLI ≥ 2.75.0
  • Download restriction: --download-repository cannot be used with OIDC (credentials unavailable before config)

🧹 Removed Legacy Code

  • Removed manual token exchange logic
  • Removed YAML-based config parsing for application keys
  • Removed deprecated outputs: oidc-token, oidc-user

🧪 Improved Test Coverage

New tests were added for:

  • OIDC support validation
  • OIDC token injection
  • Backwards compatibility handling

⚠️ Compatibility & Limitations

✅ Supported

  • All existing auth methods:
    • JF_ACCESS_TOKEN
    • JF_USER + JF_PASSWORD
  • oidc-provider-name (when using CLI ≥ 2.75.0)
  • GitHub-native OIDC is now fully supported and simplified

❌ Not Supported

  • --download-repository with OIDC (blocked by validation)
  • CLI versions < 2.75.0 with OIDC (unsupported --oidc-token-id)

📚 Documentation Updates

  • README.md updated to:
    • Reflect simplified OIDC support
    • Remove references to deprecated outputs (oidc-token, oidc-user)

🔗 Related Work

@EyalDelarea EyalDelarea requested a review from RobiNino April 2, 2025 12:04
@EyalDelarea EyalDelarea added the safe to test Approve running integration tests on a pull request label Apr 3, 2025
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Apr 3, 2025
@EyalDelarea EyalDelarea added the safe to test Approve running integration tests on a pull request label Apr 9, 2025
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Apr 9, 2025
@EyalDelarea EyalDelarea marked this pull request as ready for review April 9, 2025 12:23
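
The resolution order and the two OIDC validation checks listed in the PR description, as an added TypeScript example that is not the action's own code. `resolveAuth`, `compareVersions` and the `AuthInputs` shape are hypothetical names, and rejecting an unparseable CLI version is an assumption.

```typescript
// Added illustration, not the action's code. resolveAuth, compareVersions and
// AuthInputs are hypothetical; inputs are passed in rather than read from the runner.
const MIN_OIDC_CLI_VERSION = "2.75.0"; // minimum stated in the PR description

interface AuthInputs {
  cliVersion: string;
  oidcProviderName?: string; // the oidc-provider-name input
  downloadRepository?: string; // the download-repository option
  env: { JF_ACCESS_TOKEN?: string; JF_USER?: string; JF_PASSWORD?: string };
}

type AuthDecision =
  | { method: "oidc"; providerName: string }
  | { method: "access-token" | "basic" | "none" };

// Compare segment by segment as numbers: a plain string compare would rank
// "2.9.0" above "2.75.0" and let an unsupported CLI through the OIDC gate.
function compareVersions(a: string, b: string): number {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  // Assumption: fail closed on anything that is not a dotted numeric version.
  if (pa.concat(pb).some((n) => isNaN(n))) throw new Error(`Unparseable version: ${a} / ${b}`);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] ?? 0;
    const y = pb[i] ?? 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

function resolveAuth(inp: AuthInputs): AuthDecision {
  const provider = inp.oidcProviderName?.trim();
  if (provider) {
    // Validate before any OIDC token is requested, so an unsupported setup fails early.
    if (compareVersions(inp.cliVersion, MIN_OIDC_CLI_VERSION) < 0) {
      throw new Error(`OIDC requires JFrog CLI >= ${MIN_OIDC_CLI_VERSION}, got ${inp.cliVersion}`);
    }
    if (inp.downloadRepository) {
      throw new Error("download-repository cannot be used with OIDC");
    }
    // OIDC takes precedence: static secrets in env are ignored on this path.
    return { method: "oidc", providerName: provider };
  }
  const { JF_ACCESS_TOKEN, JF_USER, JF_PASSWORD } = inp.env;
  if (JF_ACCESS_TOKEN) return { method: "access-token" };
  if (JF_USER && JF_PASSWORD) return { method: "basic" };
  return { method: "none" };
}
```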