feat: configurable OAuth callback port for gws auth login #1

Open
Copilot wants to merge 8 commits into main from copilot/add-oauth-callback-host-port

Copilot AI commented Apr 6, 2026

The OAuth loopback callback server always bound to 127.0.0.1 on an OS-assigned random port with localhost hardcoded in the redirect URI — making it impossible to use a fixed port (required when the OAuth app has specific redirect URIs registered) or in Docker/CI environments where port-forwarding is used.

Changes

  • New CLI flag on gws auth login:
    • --callback-port PORT — port to bind the callback server (default: 0 = OS-assigned)
  • Env var support via clap's env feature (CLI takes precedence):
    • GOOGLE_WORKSPACE_CLI_CALLBACK_PORT
  • Bind address: always binds to 0.0.0.0:{port}, supporting Docker/CI port-forwarding scenarios
  • Redirect URI: always uses localhost as the hostname
  • Routing: when a non-default port is specified, routes to login_with_proxy_support (yup-oauth2 doesn't expose port configuration)
  • clap env feature added to the dependency

Example

# Fixed port — matches redirect URI registered in Google Cloud Console
gws auth login --callback-port 8080

# Or via env vars (e.g. in CI)
GOOGLE_WORKSPACE_CLI_CALLBACK_PORT=8080 gws auth login

Original prompt

Actually, during the login, there is no way to set the host and the port for the OAuth callback.
Your duty is to implement this using both CLI parameters and env variables.

Copilot AI changed the title from "[WIP] Add ability to set host and port for OAuth callback" to "feat: configurable OAuth callback host and port for gws auth login" Apr 6, 2026
Copilot AI requested a review from ilteoood April 6, 2026 08:15
@ilteoood ilteoood marked this pull request as ready for review April 6, 2026 08:19
Owner

ilteoood commented Apr 6, 2026

@copilot check the code review made here and apply the needed changes

Author

Copilot AI commented Apr 6, 2026

> @copilot check the code review made here and apply the needed changes

Applied the IPv6 fix from the Gemini review (commit 0cf8428): bare IPv6 addresses in callback_host (those containing : but not already wrapped in [...]) are now enclosed in square brackets in the redirect URI, producing a valid URL like http://[::1]:8080 instead of http://::1:8080.

ilteoood and others added 2 commits April 6, 2026 11:35
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Owner

ilteoood commented Apr 6, 2026

Let's change the whole implementation, remove the host definition and always use 0.0.0.0

Keep the port logic as is

@copilot

Author

Copilot AI commented Apr 6, 2026

> Let's change the whole implementation, remove the host definition and always use 0.0.0.0
>
> Keep the port logic as is
> ...

Done in 7c58be7. Removed --callback-host / GOOGLE_WORKSPACE_CLI_CALLBACK_HOST entirely. The callback server now always binds to 0.0.0.0:{port} and always uses localhost in the redirect URI. Port logic (default 0 = OS-assigned, --callback-port / GOOGLE_WORKSPACE_CLI_CALLBACK_PORT) is unchanged.
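
As an added illustration (not code from this PR or from the gws project), the sketch below reproduces the behaviour described in the two Copilot replies above: bracketing a bare IPv6 literal in a redirect URI, binding the callback listener with port 0 meaning OS-assigned, building the `localhost` redirect URI from the port actually bound, and reporting whether the bind address is loopback-only. All function names are hypothetical and only the Rust standard library is used.

```rust
use std::io;
use std::net::{IpAddr, Ipv4Addr, SocketAddr, TcpListener};

/// Host part of a URL: a bare IPv6 literal must be wrapped in brackets.
fn url_host(host: &str) -> String {
    if host.contains(':') && !host.starts_with('[') {
        format!("[{}]", host)
    } else {
        host.to_string()
    }
}

/// Redirect URI sent to the authorization server (hypothetical helper).
fn redirect_uri(host: &str, port: u16) -> String {
    format!("http://{}:{}", url_host(host), port)
}

/// Bind the callback listener. `port == 0` lets the OS choose, so the
/// redirect URI is built from the port actually bound, not the one requested.
fn bind_callback(bind_ip: IpAddr, port: u16) -> io::Result<(TcpListener, String)> {
    let listener = TcpListener::bind(SocketAddr::new(bind_ip, port))?;
    let bound_port = listener.local_addr()?.port();
    Ok((listener, redirect_uri("localhost", bound_port)))
}

/// True when the listener only accepts connections from the local machine.
/// A 0.0.0.0 bind returns false: the port is reachable on every IPv4
/// interface unless a firewall or container port mapping restricts it.
fn loopback_only(listener: &TcpListener) -> io::Result<bool> {
    Ok(listener.local_addr()?.ip().is_loopback())
}

fn main() -> io::Result<()> {
    // 0.0.0.0 is what the PR settles on; 127.0.0.1 was the earlier behaviour.
    for ip in [Ipv4Addr::UNSPECIFIED, Ipv4Addr::LOCALHOST] {
        let (listener, uri) = bind_callback(IpAddr::V4(ip), 0)?;
        println!(
            "bind={} loopback_only={} redirect_uri={}",
            ip,
            loopback_only(&listener)?,
            uri
        );
    }
    println!("{}", redirect_uri("::1", 8080)); // http://[::1]:8080
    Ok(())
}
```

Printing `loopback_only` at startup gives operators a quick check of how far the callback port is exposed on a given host or container.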

Copilot AI changed the title from "feat: configurable OAuth callback host and port for gws auth login" to "feat: configurable OAuth callback port for gws auth login" Apr 6, 2026
ilteoood and others added 2 commits April 6, 2026 11:56
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>