feat: add endpoint, token, and TLS cert storage for CLI client

[watcharaponthod-code]

Closes #2

What this does

Stores oken, cert_path, and cert_key_path in the profile YAML alongside the existing permify_url and enant fields, so users don't have to supply credentials on every invocation.

Changes

core/config/config.go

• Added Token, CertPath, CertKeyPath fields to CoreConfig (all omitempty, so existing config files remain valid).

core/client/grpc.go

• New Options struct carries the optional credentials.
• New(endpoint, opts) builds gRPC dial options: mTLS via credentials.NewTLS when cert+key are present, bearer token via PerRPCCredentials when a token is set, insecure transport otherwise.
• NewFromEnv(endpoint, stored) overlays PERMIFY_TOKEN, PERMIFY_CERT_PATH, PERMIFY_CERT_KEY_PATH env vars on top of stored values, making it easy to override in CI/container environments.

core/cli/configure.go

• permctl configure now prompts for auth token, cert path, and cert key path (all optional, skip by pressing enter).
• Persists the new fields to the config file on save.

core/cmd/{data,permission,schema,tenancy}/client.go

• All per-command client helpers pass the stored credentials through NewFromEnv.

Storage location

Credentials are stored in the YAML profile file (default path is set by the CLI bootstrap, typically ~/.permify/config on Unix or %USERPROFILE%.permify\config on Windows), as described in the issue comments.

Backward compatibility

All new fields use yaml:"...,omitempty", so existing config files without the new keys continue to work unchanged - the client falls back to insecure/anonymous mode.