fix an edge case bug that "identity_policies" is nil (#17007)

* check if "identity_policies" is nil to fix cli vault login error

* add changelog

* skip add identity_policies to resp when there's no identity_policies associated in token's namespace

This is an edge case, when an entity has identity_policies associated in other namespaces but no identity_policies in this token's namespace, `identityPolicies[out.NamespaceID]` is nil, client side doesn't handle nil which raises error.

* update changelog

---------

Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>

api/secret.go

@@ -159,6 +159,10 @@ TOKEN_DONE:
 			goto DONE
 		}
 
+		if s.Data["identity_policies"] == nil {
+			goto DONE
+		}
+
 		sList, ok := s.Data["identity_policies"].([]string)
 		if ok {
 			identityPolicies = sList

changelog/17007.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+auth/token: fixes an edge case bug that "identity_policies" is nil and causes cli vault login error
+```

vault/token_store.go

@@ -3435,8 +3435,10 @@ func (ts *TokenStore) handleLookup(ctx context.Context, req *logical.Request, da
 			return nil, err
 		}
 		if len(identityPolicies) != 0 {
+			if _, ok := identityPolicies[out.NamespaceID]; ok {
 				resp.Data["identity_policies"] = identityPolicies[out.NamespaceID]
 				delete(identityPolicies, out.NamespaceID)
+			}
 			resp.Data["external_namespace_policies"] = identityPolicies
 		}
 	}