Show usage on invalid command line invocation.

[Tener]

This is a small (code-wise) change to always show contextual command usage information when the user has supplied the wrong set of parameters for the CLI invocation.

Instead of getting just the error message:

$ tctl users
ERROR: must select a subcommand of 'users'

$ tctl requests
ERROR: must select a subcommand of 'requests'

$ tctl get
ERROR: required argument 'resources' not provided

$ tsh request
ERROR: must select a subcommand of 'request'

$ tsh apps
ERROR: must select a subcommand of 'apps'

$ tsh db
ERROR: must select a subcommand of 'db'

The users will now get enough information to know how to fix their issue:

$ tctl users
usage: tctl users <command> [<args> ...]

Manage user accounts

Flags:
  -d, --debug        Enable verbose logging to stderr
  -c, --config       Path to a configuration file [/etc/teleport.yaml]. Can also be set via the TELEPORT_CONFIG_FILE environment variable.
      --auth-server  Attempts to connect to specific auth/proxy address(es) instead of local auth [127.0.0.1:3025]
  -i, --identity     Path to an identity file. Must be provided to make remote connections to auth. An identity file can be exported with 'tctl auth sign'
      --insecure     When specifying a proxy address in --auth-server, do not verify its TLS certificate. Danger: any data you send can be intercepted or modified by an attacker.

Commands:
  users add    Generate a user invitation token [Teleport DB users only]
  users update Update user account
  users ls     Lists all user accounts.
  users rm     Deletes user accounts
  users reset  Reset user password and generate a new token [Teleport DB users only]

Aliases:

ERROR: must select a subcommand of 'users'

$ tctl requests
usage: tctl requests <command> [<args> ...]

Manage access requests

Flags:
  -d, --debug        Enable verbose logging to stderr
  -c, --config       Path to a configuration file [/etc/teleport.yaml]. Can also be set via the TELEPORT_CONFIG_FILE environment variable.
      --auth-server  Attempts to connect to specific auth/proxy address(es) instead of local auth [127.0.0.1:3025]
  -i, --identity     Path to an identity file. Must be provided to make remote connections to auth. An identity file can be exported with 'tctl auth sign'
      --insecure     When specifying a proxy address in --auth-server, do not verify its TLS certificate. Danger: any data you send can be intercepted or modified by an attacker.

Commands:
  requests ls  Show active access requests
  requests get Show access request by ID
  requests approve Approve pending access request
  requests deny Deny pending access request
  requests create Create pending access request
  requests rm  Delete an access request
  requests review Review an access request

Aliases:
request

ERROR: must select a subcommand of 'requests'

$ tctl get
usage: tctl get [<flags>] <resources>

Print a YAML declaration of various Teleport resources

Flags:
  -d, --debug         Enable verbose logging to stderr
  -c, --config        Path to a configuration file [/etc/teleport.yaml]. Can also be set via the TELEPORT_CONFIG_FILE environment variable.
      --auth-server   Attempts to connect to specific auth/proxy address(es) instead of local auth [127.0.0.1:3025]
  -i, --identity      Path to an identity file. Must be provided to make remote connections to auth. An identity file can be exported with 'tctl auth sign'
      --insecure      When specifying a proxy address in --auth-server, do not verify its TLS certificate. Danger: any data you send can be intercepted or modified by an attacker.
      --format        Output format: 'yaml', 'json' or 'text'
      --with-secrets  Include secrets in resources like certificate authorities or OIDC connectors
  -v, --verbose       Verbose table output, shows full label output

Args:
  <resources>  Resource spec: 'type/[name][,...]' or 'all'

Aliases:
Examples:

  $ tctl get clusters       : prints the list of all trusted clusters
  $ tctl get cluster/east   : prints the trusted cluster 'east'
  $ tctl get clusters,users : prints all trusted clusters and all users

Same as above, but using JSON output:

  $ tctl get clusters --format=json


ERROR: required argument 'resources' not provided

$ tsh request
usage: tsh request <command> [<args> ...]

Manage access requests

Flags:
  -l, --login                    Remote host login
      --proxy                    SSH proxy address
      --user                     SSH proxy user [tener]
      --ttl                      Minutes to live for a SSH session
  -i, --identity                 Identity file
      --cert-format              SSH certificate format
      --insecure                 Do not verify server's certificate and host name. Use only in test environments
      --auth                     Specify the type of authentication connector to use.
      --skip-version-check       Skip version checking between server and client.
  -d, --debug                    Verbose logging to stdout
  -k, --add-keys-to-agent        Controls how keys are handled. Valid values are [auto no yes only].
      --enable-escape-sequences  Enable support for SSH escape sequences. Type '~?' during an SSH session to list supported sequences. Default is enabled.
      --bind-addr                Override host:port used when opening a browser for cluster logins
  -J, --jumphost                 SSH jumphost

Commands:
  request ls   List access requests
  request show Show request details
  request new  Create a new access request
  request review Review an access request

Aliases:
requests

ERROR: must select a subcommand of 'request'

... and so forth for all other commands.

[Tener]

@r0mant can you take a look?