Standard OIDC Installers
OIDC is painful and error-prone to set up, but it's also a pre-requisite for getting up and running with ESC for most use cases, and using Insights scanning. We can improve this experience for customers by adding officially supported (TBD what exactly this means) installers for OIDC for each of the major clouds.
We have some prior art (search https://github.com/pulumi/examples for folders with "oidc" in the title).
Here's my recommended approach:
- Pick a single language for the installers as I don't think extending them to multiple languages is worth the overhead. Node feels like a reasonable compromise between popularity and operational ease.
- Pick a place to put the installers/quickstarts/whatever we want to call them: either a folder in this repo or a separate repo.
- Remove the OIDC setup stuff in `pulumi/examples` in favor of the official installers.
- Update `pulumi/docs` to point users to use the official installers.
- Add some basic guidance (in the docs or the readme for the installers, probably the former to start) on how to deploy ESC at scale (e.g. to many AWS accounts). IMO our recommended approach for deploying at scale is to do one stack per cloud environment. This guidance shouldn't be too specific, because, given the AWS use case, there's a lot of ways operators might be authenticating to accounts. Just pointing the way on how to generally accomplish the task.
If this is agreeable, I am happy to take a first pass.
- Let me know where we want to put the installers. I think I favor a separate repo. I am happy to be a codeowner since I would be a frequent user of these installers.
- I can take what we have today in `pulumi/examples`, and put it where it should go, update the docs, and create issues for any gaps.