feat(cli): expose per-app replica identities for stateful apps

[h4x3rotab]

Summary

This is a first, repo-scoped slice for #243.

It does not add new backend rollout semantics. Instead it exposes the per-replica shape that the current public API already returns, so operators can discover replica identity and target one replica intentionally from the CLI.

Included

• add phala cvms list --app <app_id> to list all CVMs for one app via the existing app-to-CVM API
• include vm_uuid and instance_id in CVM list rows / JSON output
• show VM UUID and Instance ID in phala cvms get
• add a checked-in design note and issue comment documenting the phased plan
• update CLI docs with the current manual per-replica workflow

Deferred

These appear to require backend/internal cloud-service work outside this repository:

• app-level update_policy
• ordered rollout enforcement (max_unavailable, surge semantics, readiness gates)
• lifecycle hooks / drain callbacks
• health-check-driven auto-heal / reconciler behavior
• any new API resource for preserved-state / app-instance management

Open question for maintainers

dstack already persists instance identity on disk. Is that identity (instance_id, disk attachment / preserved-state metadata) considered a stable first-class public contract that future provider/app-instance APIs should build on?

Validation

• bun run --cwd js test
• bun run --cwd cli type-check
• bun dist/index.js cvms list --help
• bun dist/index.js cvms get --help

Refs #243