fix(cli): auth file should be chmod 600 (#6925)

* wip new tests

* test for auth file mode

* check perms internally

* chore: lint

cli/test/e2e/login-key.e2e-spec.ts

@@ -1,6 +1,8 @@
 import { restoreTempFolder, testApp } from '@test-utils';
-import { CLI_BASE_OPTIONS, setup, spyOnConsole } from 'test/cli-test-utils';
+import { CLI_BASE_OPTIONS, TEST_AUTH_FILE, deleteAuthFile, setup, spyOnConsole } from 'test/cli-test-utils';
+import { readFile, stat } from 'node:fs/promises';
 import { LoginCommand } from '../../src/commands/login';
+import yaml from 'yaml';
 
 describe(`login-key (e2e)`, () => {
   let apiKey: string;
@@ -20,6 +22,7 @@ describe(`login-key (e2e)`, () => {
   afterAll(async () => {
     await testApp.teardown();
     await restoreTempFolder();
+    deleteAuthFile();
   });
 
   beforeEach(async () => {
@@ -28,6 +31,8 @@ describe(`login-key (e2e)`, () => {
 
     const api = await setup();
     apiKey = api.apiKey;
+
+    deleteAuthFile();
   });
 
   it('should error when providing an invalid API key', async () => {
@@ -39,4 +44,23 @@ describe(`login-key (e2e)`, () => {
   it('should log in when providing the correct API key', async () => {
     await new LoginCommand(CLI_BASE_OPTIONS).run(instanceUrl, apiKey);
   });
+
+  it('should create an auth file when logging in', async () => {
+    await new LoginCommand(CLI_BASE_OPTIONS).run(instanceUrl, apiKey);
+
+    const data: string = await readFile(TEST_AUTH_FILE, 'utf8');
+    const parsedConfig = yaml.parse(data);
+
+    expect(parsedConfig).toEqual(expect.objectContaining({ instanceUrl, apiKey }));
+  });
+
+  it('should create an auth file with chmod 600', async () => {
+    await new LoginCommand(CLI_BASE_OPTIONS).run(instanceUrl, apiKey);
+
+    const stats = await stat(TEST_AUTH_FILE);
+
+    const mode = (stats.mode & 0o777).toString(8);
+
+    expect(mode).toEqual('600');
+  });
 });