Is your feature request related to a problem? Please describe.

I'd like to run pomerium-cli as a sidecar in a container, enabling access to services running in another cluster or network.

Describe the solution you'd like

I'd like to be able to pass a service account token to the CLI, so that connection would be available until the SA token expires.

A container should quit if the token is expired with a clear error message.

Describe alternatives you've considered

Explain any additional use-cases

Additional context

Related: #58

Problems this aims to solve:

1. Session expiration can be frustrating when multiple connections are open (then they all open up at once) pomerium/desktop-client#162
2. Not having control over which browser (or browser profile) is opened when the session is expired
3. We want to provide a way for folks to leverage the cli and service accounts to make machine to machine calls.

I think we should tackle (1) (2) in follow up tickets in the desktop client. We should support (3).