Add OpenBao admin token action

tools/security-bootstrap-console/security_bootstrap_console.py

@@ -1503,6 +1503,9 @@ def runbook_command_payloads(data: dict[str, Any]) -> list[dict[str, str]]:
     audit_list_command = token_prompt_command("bao audit list")
     secrets_list_command = token_prompt_command("bao secrets list")
     auth_list_command = token_prompt_command("bao auth list")
+    platform_admin_token_command = token_prompt_command(
+        "bao token create -policy=platform-admin -period=24h -orphan"
+    )
     rotate_init_command = interactive_token_command(
         "bao operator rotate-keys -init -key-shares=3 -key-threshold=2"
     )
@@ -1592,6 +1595,12 @@ def runbook_command_payloads(data: dict[str, Any]) -> list[dict[str, str]]:
             auth_list_command,
             downstream_taint,
         ),
+        action(
+            "Create platform-admin token",
+            "Create a renewable 24-hour non-root OpenBao token with the platform-admin policy. The emitted token is secret; store it immediately through the approved operator secret path.",
+            platform_admin_token_command,
+            downstream_taint,
+        ),
         action(
             "Start unseal-key rotation",
             "Run once to start a new 3-share, threshold-2 rotation. If rotation is already in progress, do not rerun init; check status and submit existing shares.",