feat: add --no-auth flag to api command for unauthenticated requests

[WilliamBergamin]

Changelog

Add --no-auth flag to the api command, allowing users to call Slack API methods that don't require authentication.

Summary

Some Slack API methods don't require authentication. Previously, the api command always resolved a token, failing if none was available, even when calling methods that don't need one. This prevents users from using publicly accessible endpoints.

This PR adds a --no-auth flag that skips token resolution entirely and sends the request without a token.

Preview

Testing

slack api blocks.validate --no-auth blocks='[{"type":"section","text":{"type":"mrkdwn","text":"Hello"}}]'

slack api api.test --no-auth

Notes

None

Requirements

• I've read and understood the Contributing Guidelines and have done my best effort to follow them.
• I've read and agree to the Code of Conduct.

[codecov]

Codecov Report

❌ Patch coverage is 89.47368% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 71.72%. Comparing base (c693443) to head (ac3ebc5).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
cmd/api/api.go	89.47%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #566      +/-   ##
==========================================
+ Coverage   71.66%   71.72%   +0.06%     
==========================================
  Files         226      226              
  Lines       19115    19128      +13     
==========================================
+ Hits        13699    13720      +21     
+ Misses       4209     4205       -4     
+ Partials     1207     1203       -4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[zimeg]

@WilliamBergamin Super nice unlocks this is bringing 🔓 ✨

I'm leaving a comment on an adjacent approach we can consider? Not against having --no-auth also but think it could pair with a new app select prompt option "no app" within projects 🎲 so details on this flag or methods needing it isn't needed in scripts otherwise 👾

[zimeg]

Suggested change

	return "", nil

🔮 thought: We might want to accept no token as valid input without requiring to know which flag is needed. I realize multiple cases exist for gathering tokens and we could use --help outputs toward this. The API response I think is meaningful too:

{
    "ok": false,
    "error": "not_authed"
}

🌛 suggestion: Might adding a "no app" option to app selection perhaps support having a --no-auth flag?

  Select an app
    A0B78JUQG4U devrelsandbox T02A074M3U3
    A0B78KLUSFN tinyspek E06LPMFSSTU
+ ❱ No app

🐮 ramble: In scripts a missing --token flag might have similar results and I hope the earlier error and documentation has details toward remediation!