Fix UniqueCheck to only validate profiles within the requested SSO

[nlang]

Summary

• ProfileMap.UniqueCheck() was iterating over all cached SSO instances (s.Cache.SSO) instead of only the profiles actually contained in the ProfileMap
• This caused false "duplicate profile name" errors when multiple SSO instances had accounts with the same alias and role name, even when the ProfileFormat included {{ .SSO }} which would produce unique profile names per SSO instance
• Fixed by checking uniqueness against the already-generated profiles in the ProfileMap rather than re-deriving them from all cached SSOs

Reproduction

AWS Organizations commonly have accounts with identical names across different organizations — e.g. Organisation, Log Archive, Audit, or Security. When a user has multiple SSO instances configured and these accounts share the same role (e.g. AdministratorAccess or ReadOnly), running:

aws-sso setup profiles -S my-sso

Produces a false duplicate error like:

FATAL duplicate profile name ':Organisation:AdministratorAccess' for:
sso-a: arn:aws:iam::111111111111:role/AdministratorAccess
sso-b: arn:aws:iam::222222222222:role/AdministratorAccess

Even though the ProfileFormat {{ .SSO }}:... should generate distinct names like sso-a:Organisation:AdministratorAccess vs sso-b:Organisation:AdministratorAccess.

The root cause is twofold:

1. UniqueCheck iterated over all cached SSOs, not just the one being generated
2. Because Roles.ssoName was not set for the other SSO instances, {{ .SSO }} resolved to an empty string, making the profiles appear identical

Test plan

• Updated tests in internal/sso/settings_test.go to validate duplicate detection within the ProfileMap
• Updated tests in internal/awsconfig/config_test.go to reflect that cross-SSO profiles should not conflict
• All existing tests pass (go test ./internal/...)

[nlang]

Previously, UniqueCheck validated across all cached SSO instances, which meant it would always fail when different SSOs had accounts with the same name and role, regardless of whether the ProfileFormat would actually produce duplicates. This made setup profiles unusable in multi-SSO setups with common account names.

This fix scopes UniqueCheck to the requested SSO instance only, which fixes the false positives. A potential follow-up improvement could be to also check for conflicts against profiles already present in ~/.aws/config from previous invocations. This would catch real cross-SSO duplicates when the ProfileFormat does not include {{ .SSO }}.

[github-actions]

This PR is stale because it has been open for 30 days with no activity.
It will be automatically closed in 30 days from this message.

[nlang]

Any chance this gets a look? This fixes a real issue that makes aws-sso unusable for people with multiple organizations with repeating account and role names.

[gjenning]

This would be a huge fix as I have also ran into this issue before and it was a pain to work arround.