client: read attestation CA list JSON from file (#3232)

instead of passing a giant blob of JSON as a command argument.
Before, it was not possible to allow all valid authenticators
certified by the FIDO Alliance because

fido-mds-list query -o "status gte valid"

outputs a JSON string longer than Linux allows for command
arguments.

Co-authored-by: Firstyear <william@blackhats.net.au>

tools/cli/src/cli/group/account_policy.rs

@@ -113,12 +113,17 @@ impl GroupAccountPolicyOpt {
             }
             GroupAccountPolicyOpt::WebauthnAttestationCaList {
                 name,
-                attestation_ca_list_json,
+                attestation_ca_list_json_file,
                 copt,
             } => {
                 let client = copt.to_client(OpType::Write).await;
+                let json = std::fs::read_to_string(attestation_ca_list_json_file).unwrap_or_else(|e| {
+                    error!("Could not read attestation CA list JSON file {attestation_ca_list_json_file:?}: {e:?}");
+                    std::process::exit(1);
+                });
+
                 if let Err(e) = client
-                    .group_account_policy_webauthn_attestation_set(name, attestation_ca_list_json)
+                    .group_account_policy_webauthn_attestation_set(name, &json)
                     .await
                 {
                     handle_client_error(e, copt.output_mode);

tools/cli/src/opt/kanidm.rs

@@ -216,7 +216,7 @@ pub enum GroupAccountPolicyOpt {
     #[clap(name = "webauthn-attestation-ca-list")]
     WebauthnAttestationCaList {
         name: String,
-        attestation_ca_list_json: String,
+        attestation_ca_list_json_file: PathBuf,
         #[clap(flatten)]
         copt: CommonOpt,
     },