Fail fast on azd ai agent init when not logged in

[therealjohn]

Problem: Running azd ai agent init without being authenticated lets the user proceed through manifest detection, project scaffolding (azd init -t), and environment creation before finally failing at subscription selection with "not logged in". This leaves the directory in a partially-initialized state.

Fix: Add an ensureLoggedIn check early in the init command's RunE, before any interactive prompts or file-modifying operations. It calls ListSubscriptions as a lightweight auth probe — if the user isn't authenticated, they see the error immediately with a suggestion to run azd auth login.

Fixes #7547

[Copilot]

Pull request overview

Adds an early authentication probe to azd ai agent init so the command fails immediately when the user isn’t logged in, avoiding partially-initialized project state (Fixes #7547).

Changes:

• Introduces ensureLoggedIn() which calls Account.ListSubscriptions and converts gRPC Unauthenticated into a structured auth error with a login suggestion.
• Invokes ensureLoggedIn() near the start of init’s RunE, before prompts and file-modifying work.

[jongio]

Clean fix for #7547. The early auth check prevents the user from going through manifest detection, scaffolding, and environment creation only to fail later at subscription selection. The function mirrors the checkAiModelServiceAvailable pattern right above it - consistent and easy to follow. One suggestion below.

Worth considering as a follow-up: azd core's AccountService doesn't have a dedicated CheckAuth or IsAuthenticated RPC. ListSubscriptions works as a probe here but it's indirect - it may enumerate all subscriptions just to verify auth. A lightweight auth-check method in core would give extensions a cleaner, cheaper way to gate on authentication, and could handle error classification (not_logged_in vs login_expired) server-side where the info is available.