Add delete provider command

[eleftherias]

Summary

This adds the minder provider delete command, with the option of passing a provider ID or name.
The command will delete the provider from the DB, delete all associated repos, remove the repo webhooks and uninstall the GitHub App from the GitHub org, if it is a GitHub App provider.

Fixes #2897

Change Type

Mark the type of change your PR introduces:

• Bug fix (resolves an issue without affecting existing features)
• Feature (adds new functionality without breaking changes)
• Breaking change (may impact existing functionalities or require documentation updates)
• Documentation (updates or additions to documentation)
• Refactoring or test improvements (no bug fixes or new functionality)

Testing

Outline how the changes were tested, including steps to reproduce and any relevant configurations.
Attach screenshots if helpful.

Review Checklist:

• Reviewed my own code for quality and clarity.
• Added comments to complex or tricky code sections.
• Updated any affected documentation.
• Included tests that validate the fix or feature.
• Checked that related changes are merged.

[coveralls]

coverage: 48.298% (+0.3%) from 48.035%
when pulling ccbf3a2 on eleftherias:delete-provider
into 11c13c2 on stacklok:main.

[evankanderson]

My only real question / concern is whether we want the logic of deleting dependent repositories (but not other types of things a provider might be responsible for) to live in controlplane, or to push that down into the providers implementation.

[evankanderson]

This feels like it should be a part of the DeleteProvider implementation, rather than in ControlPlane. e.g. GitHub providers should understand that they need to clean up webhooks, but other types of providers might have other types of cleanup they need to do.

(e.g. we talked about DeleteProvider for GHA un-installing the app from the org.)

[eleftherias]

I had written it like that initially, but then providerService needed to use the repositoryService which seemed wrong. We could also call the store directly to delete the repositories, but then there will be duplicate logic in the services.

[dmjb]

I think it's totally reasonable for different services to call eachother - some domain concepts are at a higher level of abstraction than others, and thus delegate to the services for the lower-level domain concepts.

[eleftherias]

It seems there were some recent changes that also now create an import cycle when I try that:

package github.com/stacklok/minder/internal/providers
	imports github.com/stacklok/minder/internal/repositories/github
	imports github.com/stacklok/minder/internal/logger
	imports github.com/stacklok/minder/internal/engine/actions/alert
	imports github.com/stacklok/minder/internal/engine/actions/alert/security_advisory
	imports github.com/stacklok/minder/internal/providers: import cycle not allowed

[eleftherias]

I feel like we can resolve the cycle, but it's not something I want to spend time too much time on now. Can we live with this logic in the controlplane for now and do a followup PR to refactor?

[evankanderson]

Yes, I'm okay with that.

[evankanderson]

Looking at the import cycle, I'd probably break the logger --> actions/alert import path, but happy to do that as a follow-up.

[evankanderson]

These lines are shared with getInstallationOwner on 430 -- it feels like this should be a method.

getInstallationTokenCredential has a slightly different path to the same outcome, but might be the right tool for the job as it covers 417-436, with the chance of returning an EmptyCredential.

[evankanderson]

(This is a small nit, and we can fix it later)

[evankanderson]

Looking at the import cycle, I'd probably break the logger --> actions/alert import path, but happy to do that as a follow-up.