workers-sdk

Wrangler login should get a token scoped to one account

Open: kentonv opened this issue 1 month ago • 1 comment

Currently wrangler login works like this:

  1. In the browser, I authorize a token with access to all accounts attached to my user.
  2. Wrangler displays a picker for me to select the account I want to use.
  3. I select that account.
  4. Wrangler promises to only use that account.

My user (kenton at cloudflare.com) is on several Cloudflare-internal accounts, some of which are important production accounts which I almost never intend to interact with using wrangler. It makes me nervous that I am creating a token that has access to all those accounts.

What I'd suggest instead is: In the browser, before the token is issued, I should be asked to choose which account I want to use. I should get a token for just that account, and wrangler itself should never ask me to choose an account.

This lets me keep the token restricted to my personal testing account, which is what I usually want.

kentonv, Dec 03 '25 20:12

Thanks @kentonv - great point, we actually talked about something very similar in the team a week or so back. Latest is we're blocked on this from some OAuth changes that need to be made, but they are on the cards and we'll follow up as soon as that is landed. I'm watching the issue (SHIP-11780 internally).

Will move this to the backlog until then.

MattieTK, Dec 04 '25 18:12