Support configuring UrlExecCommand for SSO auth

[amphied]

Is your feature request related to a problem? Please describe.

It could be useful to allow overriding the UrlExecCommand for SSO auth. This could either be used to configure a different browser or be used for scripting.

Browser example: Launching Chrome in a specific profile

Scripting example: As mentioned in #524 I'd like to send the auth url to a script that relays it to a separate machine where my password safe and yubikey are located.

Describe the solution you'd like

Introduce a config option AuthUrlExecCommand similar to AuthUrlAction (overriding UrlAction). This could be either on global level or SSO-specific config or both:

SSOConfig:
    <Name of AWS SSO>:
        AuthUrlAction: [clip|exec|print|printurl|open|granted-containers|open-url-in-container]
        AuthUrlExecCommand:
            - <command>
            - <arg 1>
            - <arg N>
            - "%s"
AuthUrlExecCommand:
    - <command>
    - <arg 1>
    - <arg N>
    - "%s"

On a related note: I think it could be useful to have AuthUrlAction available globally, too.

Describe alternatives you've considered

Workarounds:

1. Setting UrlExecCommand globally to a script that determines how to proceed based on the specific url.
2. Setting the new config option AuthUrlAction to open and packaging a script into an .app so that it can be called with open -a foo.app (see open-golang) via the Browser config.

Implementation alternatives:

1. Allowing overriding the global UrlExecCommand similar to DefaultRegion which can be set on every config level (SSO, Account, Role). Downside: massive config overhead.

Additional context

Related: #353, #524, #545