
auth: clear error for PAT profile on SPOG without workspace_id#5341

Open
simonfaltum wants to merge 3 commits into main from simonfaltum/auth-pat-spog-no-wid-error

Conversation

@simonfaltum
Member

Why

Personal access tokens are workspace-scoped. When a PAT profile points at a SPOG host (account-scoped OIDC discovery) without `workspace_id`, the SDK can't add the routing identifier, the request lands on the account-plane where PATs aren't accepted, and the user sees the opaque error "Credential was not sent or was of an unsupported type for this API" from the auth endpoint. Reported in a bug bash.

Reproduced against `db-deco-test.databricks.com`:
```
[spog-pat-no-wid]
host = https://db-deco-test.databricks.com
token = dapi...

$ databricks auth describe --profile spog-pat-no-wid
Unable to authenticate: Credential was not sent or was of an unsupported type for this API. [ReqId: ...]
```

Changes

  • Before: PAT-on-SPOG without `workspace_id` failed with the opaque credentials error.
  • Now: `workspaceClientOrPrompt` detects the combination (`auth_type=pat` + SPOG discovery signal + `workspace_id` empty) before any API call and returns a message that names the profile, explains the routing constraint, and points at the fix: add `workspace_id = <id>` for the workspace the token was minted in.

`databricks auth describe --profile spog-pat-no-wid` now prints:
```
Unable to authenticate: profile "spog-pat-no-wid" uses PAT auth on a SPOG host but is missing workspace_id; PATs are workspace-scoped, so the request can't be routed. Edit the profile to add workspace_id = <id> matching the workspace the token was minted in
```

Test plan

  • Reproduced against `db-deco-test.databricks.com` with a PAT profile that has no `workspace_id`; saw the opaque "Credential was not sent" error.
  • Same profile with the fix → clear, actionable error message naming the profile and pointing at the fix (verified with `auth describe` and `current-user me`).
  • Existing `spog-deco-aws` (PAT with valid `workspace_id`) still works against the same host — no regression.
  • New unit tests: `TestIsPATOnSPOGWithoutWorkspaceID`, `TestWorkspaceClientOrPromptRejectsPATOnSPOGWithoutWorkspaceID`
  • `go test ./cmd/root/...`, `./task checks`, `./task lint-q`

Personal access tokens are workspace-scoped. When a PAT profile points
at a SPOG host (account-scoped OIDC discovery) without `workspace_id`,
the SDK can't add the routing identifier; the request lands on the
account-plane where PATs aren't accepted, and the user sees the opaque
"Credential was not sent or was of an unsupported type for this API"
error from the auth endpoint.

Detect this combination (auth_type=pat, SPOG discovery signal,
workspace_id empty) up front in `workspaceClientOrPrompt` and return a
message that names the profile, explains the routing constraint, and
points at the fix: add `workspace_id = <id>` for the workspace the
token was minted in.

Co-authored-by: Isaac
@github-actions
Contributor

Waiting for approval

Based on git history, these people are best suited to review:

  • @pietern -- recent work in cmd/root/
  • @denik -- recent work in cmd/root/

Eligible reviewers: @Divyansh-db, @chrisst, @hectorcast-db, @mihaimitrea-db, @parthban-db, @rauchy, @renaudhartert-db, @tanmay-db, @tejaskochar-db

Suggestions based on git history. See OWNERS for ownership rules.

@eng-dev-ecosystem-bot
Collaborator

eng-dev-ecosystem-bot commented May 27, 2026

Commit: 32ce366

Run: 26513315313

GPT review pointed out the existing test seeded AuthType and DiscoveryURL
manually, so it didn't prove the detector still fires when those fields
come from the SDK during NewWorkspaceClient (the realistic flow).

Add a test that writes a .databrickscfg with only `host` and `token`
(matching the bug bash repro), points the host at an httptest server
serving SPOG-style .well-known metadata, and runs through the public
workspaceClientOrPrompt entry point. AuthType is populated by the SDK
credential probe; DiscoveryURL is populated by host metadata
resolution. The detector still catches the case.

Co-authored-by: Isaac
The Windows GitHub runner doesn't have IPv6 configured. httptest.NewServer
tried 127.0.0.1 first and fell through to "[::1]:0" on retry, then
panicked: "listen tcp6 [::1]:0: socket: The requested service provider
could not be loaded or initialized." Build the listener directly with
net.Listen("tcp4", "127.0.0.1:0") and hand it to httptest.

Co-authored-by: Isaac
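The detector described in the PR's Changes section and the IPv4-only httptest listener from the third commit, as one added example that is not the CLI's own code. It assumes an illustrative `Profile` struct; that the "SPOG discovery signal" is an account-scoped discovery URL containing `/oidc/accounts/`; that host metadata is served at `/oidc/.well-known/oauth-authorization-server` with an `issuer` field; and it infers `auth_type=pat` from a non-empty token in place of the SDK's credential probe. The names `isSPOGDiscovery`, `resolveDiscoveryURL`, `newSPOGTestServer` and `checkProfile` are the example's own, and the metadata it serves is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Profile holds the .databrickscfg fields this check needs; an illustrative struct, not the CLI's
// own type. In the real flow the SDK probe fills AuthType and metadata resolution fills DiscoveryURL.
type Profile struct {
	Name, Host, Token, WorkspaceID string
	AuthType, DiscoveryURL         string
}

// isSPOGDiscovery stands in for the PR's "SPOG discovery signal": an account-scoped URL (assumed shape).
func isSPOGDiscovery(discoveryURL string) bool {
	return strings.Contains(discoveryURL, "/oidc/accounts/")
}

// isPATOnSPOGWithoutWorkspaceID is the detector the PR describes, reconstructed
// from its prose: PAT auth, SPOG discovery, and an empty workspace_id.
func isPATOnSPOGWithoutWorkspaceID(p Profile) bool {
	return p.AuthType == "pat" && isSPOGDiscovery(p.DiscoveryURL) && strings.TrimSpace(p.WorkspaceID) == ""
}

// patOnSPOGError mirrors the actionable message quoted in the PR description.
func patOnSPOGError(p Profile) error {
	return fmt.Errorf("profile %q uses PAT auth on a SPOG host but is missing workspace_id; "+
		"PATs are workspace-scoped, so the request can't be routed. "+
		"Edit the profile to add workspace_id = <id> matching the workspace the token was minted in", p.Name)
}

// resolveDiscoveryURL fetches the host's well-known metadata and derives the
// issuer's discovery URL. The endpoint path and the "issuer" field are assumed.
func resolveDiscoveryURL(host string) (string, error) {
	resp, err := http.Get(strings.TrimRight(host, "/") + "/oidc/.well-known/oauth-authorization-server")
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	var md struct {
		Issuer string `json:"issuer"`
	}
	if err := json.NewDecoder(resp.Body).Decode(&md); err != nil {
		return "", err
	}
	return strings.TrimRight(md.Issuer, "/") + "/.well-known/oauth-authorization-server", nil
}

// newSPOGTestServer serves constructed SPOG-style metadata from an IPv4-only
// listener: net.Listen("tcp4", ...) handed to httptest avoids the "[::1]:0"
// fallback that fails on hosts without IPv6, as in the PR's third commit.
func newSPOGTestServer() (*httptest.Server, error) {
	ln, err := net.Listen("tcp4", "127.0.0.1:0")
	if err != nil {
		return nil, err
	}
	mux := http.NewServeMux()
	mux.HandleFunc("/oidc/.well-known/oauth-authorization-server", func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		// Constructed account-scoped issuer; the account id is a placeholder.
		json.NewEncoder(w).Encode(map[string]string{
			"issuer": "https://accounts.example.invalid/oidc/accounts/00000000-0000-0000-0000-000000000000",
		})
	})
	srv := &httptest.Server{Listener: ln, Config: &http.Server{Handler: mux}}
	srv.Start()
	return srv, nil
}

// checkProfile runs the realistic flow against the test server: only host and token are given,
// AuthType is inferred from the token (a simplification of the SDK probe) and DiscoveryURL is
// resolved over HTTP. It returns the actionable error for the bad combination and nil otherwise.
func checkProfile(name, workspaceID string) error {
	srv, err := newSPOGTestServer()
	if err != nil {
		return err
	}
	defer srv.Close()
	p := Profile{Name: name, Host: srv.URL, Token: "dapi-constructed", WorkspaceID: workspaceID}
	p.AuthType = "pat" // inferred from the non-empty token; the SDK probe does this for real
	if p.DiscoveryURL, err = resolveDiscoveryURL(p.Host); err != nil {
		return err
	}
	if isPATOnSPOGWithoutWorkspaceID(p) {
		return patOnSPOGError(p)
	}
	return nil
}

func main() {
	fmt.Println(checkProfile("spog-pat-no-wid", ""))
	fmt.Println(checkProfile("spog-deco-aws", "1234567890123456"))
}
```

The check runs before any workspace API call, so the profile with no `workspace_id` never reaches the account plane and the user gets the profile name and the fix instead of the opaque credentials error; the same profile with a `workspace_id` passes through unchanged. Building the `httptest.Server` around a listener you opened yourself is also the simplest way to pin tests to IPv4 on CI runners that lack a `[::1]` stack.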