Default to device_code for WSL/SSH sessions

[synfinatic]

Fixes: #1371

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 88.54%. Comparing base (5e126c1) to head (91c398f).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1372      +/-   ##
==========================================
+ Coverage   88.52%   88.54%   +0.02%     
==========================================
  Files          54       54              
  Lines        3649     3655       +6     
==========================================
+ Hits         3230     3236       +6     
  Misses        289      289              
  Partials      130      130              

Flag	Coverage Δ
unittests	88.54% <100.00%> (+0.02%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
internal/prompt/remote_host.go	100.00% <100.00%> (ø)
internal/sso/auth/awssso_auth.go	89.25% <100.00%> (+0.14%)	⬆️

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5e126c1...91c398f. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Copilot]

Pull request overview

This PR addresses loopback callback failures in WSL/SSH environments by defaulting the OIDC authentication workflow to device_code when running under WSL or an SSH session (unless the user explicitly sets AuthWorkflow), aligning the default behavior with environments where pkce is unreliable.

Changes:

• Update auth workflow selection to default to device_code when WSL/SSH is detected and AuthWorkflow is unset.
• Add prompt.IsWSL() helper and apply it in both auth selection and the setup wizard.
• Update tests, documentation, and changelog to reflect the new defaulting behavior.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
internal/sso/auth/awssso_auth.go	Defaults to device_code in WSL/SSH when AuthWorkflow is unset.
internal/sso/auth/awssso_auth_test.go	Expands coverage for WSL/SSH-driven auth workflow selection.
internal/prompt/remote_host.go	Adds WSL environment detection helper.
internal/prompt/remote_host_test.go	Adds tests for WSL detection; modernizes env handling in tests.
docs/config.md	Documents updated defaulting behavior for AuthWorkflow.
cmd/aws-sso/setup_wizard_cmd.go	Uses prompt.IsWSL() instead of inline env var check.
CHANGELOG.md	Notes the new defaulting behavior for WSL/SSH sessions.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.