improve error handling during re-registration

[AdamVB]

Summary

• Backs up mondoo.yml to mondoo.yml.bak before deletion during re-registration, and restores it automatically if cnspec login fails
• Adds $LASTEXITCODE checks on both cnspec logout and cnspec login commands — previously only the output string was checked for "ERROR", which misses crashes, network timeouts, and
  non-zero exits without that keyword
• Adds a file existence check after login to catch cases where login reports success but produces no config file

Problem

Since commit b177c0c ("add reregister feature", Dec 2023), running the installer with a -RegistrationToken on a system that already has mondoo.yml triggers a logout → delete → login
cycle. If cnspec login fails for any reason (network issue, invalid token, API outage, DNS failure), the config file is already gone with no way to recover. This leaves the agent
unregistered and unable to communicate with the platform until someone manually re-registers.

The risk was increased by commit c930408 (Jan 2024), which removed the error check on the logout command — meaning a failed logout followed by a failed login still deleted the config.

This also runs on every installer invocation with a token, even when the installed version is already current, so scheduled updater tasks can trigger this path repeatedly.

Test plan

• Run installer with valid token on a system with existing mondoo.yml — should logout, re-register, and clean up .bak ✅
• Run installer with invalid token on a system with existing mondoo.yml — should fail login, restore .bak to mondoo.yml, and throw ✅
• Run installer with valid token on a system with no existing mondoo.yml — should register normally with no backup/restore logic ✅
• Simulate network failure during login (e.g. block api.mondoo.com) — should restore .bak and throw
• Verify mondoo.yml.bak is not left behind after successful re-registration ✅

Also:

Add random delay for windows update scheduled task

[mondoo-code-review]

Re-registration now backs up and restores the config file on failure, preventing agents from being left unconfigured.

[mondoo-code-review]

Error handling improvements for config backup/removal during re-registration look correct.

[mondoo-code-review]

Re-registration now backs up and restores mondoo.yml on login failure, preventing agents from being left unconfigured.

[mondoo-code-review]

Adds optional random delay (splay) to the scheduled task trigger, low risk change.

[mondoo-code-review]

Adds input validation for the Splay parameter when configuring scheduled task random delay.

[mondoo-code-review]

Re-registration now backs up and restores mondoo.yml on login failure, and adds splay/random-delay support for scheduled tasks.

[philipbalinov]

should we throw $output if $loginFailed = true so we maintain the previous behaviour?