yorker login: browser auth for the CLI
The CLI now opens a browser to authenticate, so first-run no longer means copying an API key out of the dashboard.
The Yorker CLI now ships with yorker login. Running it opens a consent page at yorkermonitoring.com/cli/auth where you click Authorize. Yorker mints a real API key tied to your team, names it CLI <hostname> so machines are easy to tell apart on the dashboard, and stores it at ~/.yorker/credentials (mode 0600). No more pasting sk_... into your shell on every new laptop.
yorker logout removes the local credential. Pass --revoke to also delete the API key on the server in one step.
Existing API keys still work. If you have YORKER_API_KEY set, the CLI uses it ahead of the persisted credential, so CI scripts and Docker containers stay exactly as they are.