feat(pam-extended): add pam extended schedule + discovery-rule subcommands

[msawczynk]

Summary

Adds a new pam extended command group with two sub-groups — schedule and rule — for managing PAM rotation schedules (PAMRotationSchedule.scheduleData) and discovery rules (PAMElementData) via the existing pam/modify REST endpoint.

New commands

pam extended schedule set   <config-uid> --cron <expr> [--tz <tz>]
pam extended schedule delete <config-uid>
pam extended schedule list   <config-uid>

pam extended rule add    <config-uid> --type <type> --value <val>
pam extended rule delete <config-uid> --rule-id <id>
pam extended rule list   <config-uid>

Design notes

• New package keepercommander/commands/pam_extended/ (4 files, ~400 LOC). No changes to existing files.
• Reuses CryptoUtils.url_safe_str_to_bytes for UID parsing and the existing KeeperApiRequest / communicate_rest transport — no new network primitives.
• PamExtendedCommand is wired into the PAM command group via register_commands in __init__.py.
• All commands require an active enterprise session (same guard as other PAM commands).

Files

File	Description
keepercommander/commands/pam_extended/__init__.py	Package init, register_commands hook
keepercommander/commands/pam_extended/group_command.py	PamExtendedCommand group
keepercommander/commands/pam_extended/schedule_commands.py	Schedule set/delete/list
keepercommander/commands/pam_extended/discovery_rule_commands.py	Rule add/delete/list

Testing

• Full import smoke: ✓
• Full Commander test suite: 114 passed, 9 skipped (3 unrelated config.json-missing errors are pre-existing in CI).
• Tested against lab tenant: schedule set/list/delete round-trip confirmed.

Made with Cursor