CLI: room for improvement with security of authentication credentials within the shell

[jakedoublev]

https://smallstep.com/blog/command-line-secrets/

Acceptance Criteria

1. os.Args are sanitized when we receive --with-client-creds JSON
2. os.Args are sanitized when we receive --with-access-token
3. new command is added --with-access-token-file to read from a file and avoid leaking the token itself into the shell environment, process, or history