fix: validate auth login scopes locally #454

Draft
lttlin wants to merge 1 commit into larksuite:main from lttlin:fix/416-auth-scope-validation

lttlin commented Apr 13, 2026

Problem

lark-cli auth login --scope currently forwards the raw scope string to the device authorization endpoint. If the input contains malformed spacing, line breaks, or a typo in one scope name, the user only sees the remote OAuth error saying the scope list is invalid, without any indication of which scope caused it.

Root Cause

The explicit --scope path does not normalize user input or validate the requested scope names against the CLI's known scope registry before making the device authorization request.

Fix

Normalize explicit scope input with strings.Fields, deduplicate repeated entries, and validate each requested scope against the union of known registry scopes and shortcut scopes before calling the OAuth device authorization endpoint. Invalid scope names now fail fast with a local validation error that points users to auth scopes or the domain-based recommend flow.

Validation

  • Static code review of the new auth login validation path
  • Added unit tests covering whitespace normalization, invalid scope rejection, and early failure before network calls

Closes #416
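
A sketch of the normalize, deduplicate and validate step described in the PR description above, added here as an illustration; it is not the PR's code. The function name `normalizeAndValidateScopes`, the `knownScopes` set and its entries, and the error wording are assumptions constructed for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// knownScopes is a constructed stand-in for the union of registry scopes and
// shortcut scopes; the CLI's real list is not shown on this page.
var knownScopes = map[string]bool{
	"im:message":        true,
	"calendar:calendar": true,
	"docs:document":     true,
}

// normalizeAndValidateScopes (hypothetical name) splits raw --scope input on
// any whitespace, drops duplicates in first-seen order, and rejects names
// missing from known, so the failure happens before any network request.
func normalizeAndValidateScopes(raw string, known map[string]bool) ([]string, error) {
	seen := make(map[string]bool)
	var scopes, invalid []string
	for _, s := range strings.Fields(raw) { // spaces, tabs and line breaks
		if seen[s] {
			continue
		}
		seen[s] = true
		if known[s] {
			scopes = append(scopes, s)
		} else {
			invalid = append(invalid, s)
		}
	}
	if len(invalid) > 0 {
		// %q escapes control characters so bad input cannot garble the terminal.
		return nil, fmt.Errorf("unknown scope(s): %q", invalid)
	}
	if len(scopes) == 0 {
		// Assumption: an empty explicit scope list is treated as an error.
		return nil, fmt.Errorf("no scopes requested")
	}
	return scopes, nil
}

func main() {
	// Constructed input: a line break, a tab, a duplicate and one typo.
	_, err := normalizeAndValidateScopes("im:message \n im:message\tcalender:calendar", knownScopes)
	fmt.Println(err)
}
```

Reporting every unknown name at once, rather than stopping at the first, tells the user which scope caused the rejection without a round trip to the authorization endpoint.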

coderabbitai bot commented Apr 13, 2026

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

@github-actions github-actions bot added the size/L Large or sensitive change across domains or core paths label Apr 13, 2026
@CLAassistant
CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

voita seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you already have a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

Development

Successfully merging this pull request may close these issues.

When authorization fails, please provide a detailed list of the reasons