feat(auth): add td auth print-token for script and agent use

[scottlovegrove]

Summary

• New td auth print-token subcommand prints the stored API token for the active user (or --user <ref>) to stdout, so scripts can capture it via TOKEN=$(td auth print-token) without ever surfacing the token in an agent's conversation context.
• Refuses when TODOIST_API_TOKEN is set in the environment — the token is already available there, and silently echoing it would mask multi-user --user requests when env happens to be set. New error code TOKEN_FROM_ENV with actionable hints.
• Naming: auth print-token (flat sibling) rather than auth token view to avoid colliding with the existing auth token [token] save command.

Test plan

• npm test -- src/commands/auth/auth.test.ts — 24/24 pass (4 new: happy path, env refusal, NoTokenError propagation, UserNotFoundError propagation)
• npm run check — lint + format clean
• npm run check:skill-sync — skills/todoist-cli/SKILL.md regenerated and in sync
• npm run type-check — clean
• Manual: TOKEN=$(td auth print-token); echo "len=${#TOKEN}"
• Manual: td auth print-token --user <other-email> resolves the right account
• Manual: TODOIST_API_TOKEN=fake td auth print-token exits non-zero with TOKEN_FROM_ENV

🤖 Generated with Claude Code

[doistbot]

This PR introduces the td auth print-token subcommand to securely retrieve stored API tokens for scripts and agents, complete with thoughtful environment variable handling. The addition elegantly supports automation workflows without complicating the existing authentication commands. A few minor adjustments would polish this up, specifically updating the agent quick reference examples to use shell capture rather than bare invocations to prevent transcript token leaks, and ensuring the missing --user flag is included in the user mismatch test to align with its description.

_{Share Feedback • Review Logs}