Add context comment for host-to-profile resolution in auth token (#4593)

## Summary

Comment-only change in `cmd/auth/token.go` to document why `loadToken`
resolves `--host` to a profile name before looking up the token cache.

The profile key is the intended primary cache key. The SDK's `dualWrite`
writes tokens under both the profile key and the legacy host key for
backward compatibility with older Python/Java SDKs that only know host
keys. This comment explains the migration context and when dualWrite can
be removed.

## Test plan

- No behavioral changes — comment only

Signed-off-by: simon <simon.faltum@databricks.com>

Author: simonfaltum

cmd/auth/token.go

@@ -161,8 +161,14 @@ func loadToken(ctx context.Context, args loadTokenArgs) (*oauth2.Token, error) {
 		return nil, err
 	}
 
-	// When no profile was specified, check if multiple profiles match the
-	// effective cache key for this host.
+	// When no profile was specified, resolve the host to a profile in
+	// .databrickscfg. This ensures the token cache lookup uses the profile
+	// key (e.g. "logfood") rather than the host URL, which is important
+	// because the SDK's dualWrite is a transitional mechanism: it writes
+	// tokens under both keys for backward compatibility with older SDKs
+	// that only know host keys, but the profile key is the intended
+	// primary key. Once older SDKs have migrated to profile-based keys,
+	// dualWrite and the host key can be removed entirely.
 	if args.profileName == "" && args.authArguments.Host != "" {
 		cfg := &config.Config{
 			Host:                       args.authArguments.Host,