fix(cli): refresh token lost on reconnect #2253

Open
danilrwx wants to merge 7 commits into main from fix/cli/refresh-token-lose-on-reconnect

danilrwx (Contributor) commented Apr 21, 2026

Description

Refresh CLI client config before reconnecting long-lived VM access sessions.

This PR updates d8 v vnc and d8 v console so they recreate the Kubernetes client from the current context before each reconnect attempt instead of reusing the client created at command start.

Also adds unit tests covering reconnect behavior for both commands.

Why do we need it, and what problem does it solve?

When d8 v vnc or d8 v console stays alive for a long time, the process keeps the old in-memory OIDC config. If the ID token expires and another client (kubectl, another d8, Lens, k9s, IDE) refreshes the token first, Dex rotates the refresh token and the old CLI process can no longer use its stale refresh token on reconnect.

As a result, after VNC/console reconnect scenarios the command may fail with an error like:

failed to refresh token: oauth2: "invalid_request" "Refresh token is invalid or has already been claimed by another client."

This change makes reconnect logic reread kubeconfig/client config before each new connection attempt, so the command uses the latest valid tokens.

What is the expected result?

Reproduction steps for the original problem:

  1. Use an OIDC kubeconfig generated by Deckhouse user-authn / Dex.
  2. Reduce user-authn.settings.idTokenTTL, for example to 1m.
  3. Start a long-lived session:
    • d8 v vnc <vm> -n <ns>, or
    • d8 v console <vm> -n <ns>.
  4. Wait until the ID token expires.
  5. In another terminal, run kubectl get ns to refresh tokens and rotate the refresh token.
  6. Trigger reconnect of the original session:
    • reboot the guest OS,
    • or restart the VM,
    • or cause a temporary connection loss.

Expected result after this PR:

  • d8 v vnc reconnects successfully.
  • d8 v console reconnects successfully.
  • The command does not fail with the stale refresh token error.

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

Changelog entries

section: core
type: fix
summary: "Reconnect logic in d8 v vnc and d8 v console now refreshes client config before reconnect, avoiding stale OIDC refresh token failures."
impact_level: low
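
The failure mode and the fix described in this PR, as an added Go sketch that is not the PR's code. `issuer`, `kubeconfig`, `client` and `scenario` are hypothetical names, and the issuer is a simplified stand-in for a provider that rotates the refresh token on every use; token values are constructed.

```go
package main

import "fmt"

var errClaimed = fmt.Errorf("refresh token is invalid or has already been claimed")

// issuer rotates refresh tokens: each use invalidates the presented token.
type issuer struct{ valid string }

func (i *issuer) refresh(rt string) (string, error) {
	if rt != i.valid {
		return "", errClaimed
	}
	i.valid = rt + "+" // constructed token values: rt-0, rt-0+, ...
	return i.valid, nil
}

// kubeconfig stands in for the on-disk config shared by all clients.
type kubeconfig struct{ refreshToken string }

// client keeps an in-memory copy of the token, like a long-lived CLI process.
type client struct{ refreshToken string }

func newClient(kc *kubeconfig) *client { return &client{refreshToken: kc.refreshToken} }

// reconnect refreshes the token and writes the rotated value back to kc.
func (c *client) reconnect(iss *issuer, kc *kubeconfig) error {
	rt, err := iss.refresh(c.refreshToken)
	if err == nil {
		c.refreshToken, kc.refreshToken = rt, rt
	}
	return err
}

// scenario: session starts, a second client rotates the token, session reconnects.
func scenario(reload bool) error {
	iss, kc := &issuer{valid: "rt-0"}, &kubeconfig{refreshToken: "rt-0"}
	session := newClient(kc) // long-lived session started first
	if err := newClient(kc).reconnect(iss, kc); err != nil { // other client
		return err
	}
	if reload {
		session = newClient(kc) // rebuild client from current config
	}
	return session.reconnect(iss, kc)
}

func main() {
	fmt.Println("stale:", scenario(false), "| reloaded:", scenario(true))
}
```

Without the reload the session presents `rt-0` after it has been rotated away and is rejected; with the reload it picks up the rotated token from the shared config and reconnects.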

Signed-off-by: Daniil Antoshin <daniil.antoshin@flant.com>
Signed-off-by: Daniil Antoshin <daniil.antoshin@flant.com>
@danilrwx danilrwx marked this pull request as ready for review April 21, 2026 16:07
@danilrwx danilrwx requested a review from Isteb4k as a code owner April 21, 2026 16:07
Signed-off-by: Daniil Antoshin <daniil.antoshin@flant.com>
@danilrwx danilrwx added this to the v1.8.0 milestone Apr 21, 2026
Comment thread src/cli/internal/cmd/console/console_test.go Outdated
Comment thread src/cli/internal/cmd/vnc/vnc_test.go Outdated
Comment thread src/cli/internal/cmd/vnc/vnc_test.go Outdated
Comment thread src/cli/internal/cmd/vnc/vnc_test.go Outdated
Comment thread src/cli/internal/cmd/console/console_test.go Outdated
Comment thread src/cli/internal/cmd/console/console_test.go Outdated
Comment thread src/cli/internal/cmd/console/console_test.go Outdated
Signed-off-by: Daniil Antoshin <daniil.antoshin@flant.com>
Signed-off-by: Daniil Antoshin <daniil.antoshin@flant.com>
Signed-off-by: Daniil Antoshin <daniil.antoshin@flant.com>
Signed-off-by: Daniil Antoshin <daniil.antoshin@flant.com>
@danilrwx danilrwx requested a review from yaroslavborbat April 22, 2026 10:22
@nevermarine nevermarine modified the milestones: v1.8.0, v1.9.0 Apr 23, 2026