Allow login to several k8s clusters with one action #42

Open
dive-deeper opened this issue Mar 1, 2024 · 0 comments

Description

When using the action auth-k8s, one can specify the name of a single k8s cluster to connect to. This action works fine; however, I need to connect to multiple clusters. The way I've found to do this is as follows:

      - name: Authorize against Teleport
        uses: teleport-actions/auth-k8s@v1
        with:
          proxy: <proxy-address>
          token: ${{ secrets.TELEPORT_TOKEN }}
          certificate-ttl: 15m
          kubernetes-cluster: cluster1
      - run: "echo ROOT_KUBECONFIG=$KUBECONFIG >> $GITHUB_ENV"

      - name: Authorize against Teleport
        uses: teleport-actions/auth-k8s@v1
        with:
          proxy: <proxy-address>
          token: ${{ secrets.TELEPORT_TOKEN }}
          certificate-ttl: 15m
          kubernetes-cluster: cluster2
      - run: "echo ROOT_KUBECONFIG=$ROOT_KUBECONFIG:$KUBECONFIG >> $GITHUB_ENV"
      - run: "echo KUBECONFIG=$ROOT_KUBECONFIG >> $GITHUB_ENV"

Which is ok for 2 clusters but I need to connect to 1-2 dozen of them, which definitely takes some time.
I tried using the action auth and then using tsh kube login, which is indeed successful, but when I execute any kubectl command it fails with the following error:

ERROR: access denied: identity is not allowed to reissue certificates
E0221 23:11:50.416446    1801 memcache.go:265] couldn't get current server API group list: Get "https://<teleport host>/api?timeout=32s": getting credentials: exec: executable /opt/hostedtoolcache/teleport/13.4.15-linux-amd64/x64/tsh failed with exit code 1

It would be nice if one could log in to all allowed clusters for the identity, similar to tsh kube login all.

If this is possible already, it should be documented :)
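
An added example, not part of the original issue or the action's own code: POSIX shell helpers for the `ROOT_KUBECONFIG` accumulation shown in the workaround above, which reject paths that would split the colon-separated list or add an extra line to the `GITHUB_ENV` file. The function names and the sourced file name are hypothetical.

```shell
# Added example: helpers for the ROOT_KUBECONFIG workaround in this issue.
# Function names are hypothetical and not part of teleport-actions.

# append_kubeconfig LIST PATH
# Prints LIST with PATH appended once. The body runs in a subshell, so
# IFS and set -f do not leak into the calling step.
append_kubeconfig() (
  list=$1 new=$2
  nl='
'
  # A ':' or newline in the path would split the list or add an extra
  # line to the GITHUB_ENV file.
  case $new in
    ''|*:*|*"$nl"*) echo "append_kubeconfig: bad path" >&2; exit 1 ;;
  esac
  # An unreadable kubeconfig means the preceding login step did not succeed.
  [ -r "$new" ] || { echo "append_kubeconfig: unreadable: $new" >&2; exit 1; }
  set -f; IFS=:
  for entry in $list; do
    # Already present: keep the list unchanged.
    if [ "$entry" = "$new" ]; then printf '%s\n' "$list"; exit 0; fi
  done
  printf '%s\n' "${list:+$list:}$new"
)

# persist_env NAME VALUE
# Appends NAME=VALUE to the file named by GITHUB_ENV for later steps.
persist_env() {
  nl='
'
  case $1 in
    ''|*[!A-Za-z0-9_]*) echo "persist_env: bad name" >&2; return 1 ;;
  esac
  case $2 in
    *"$nl"*) echo "persist_env: value contains a newline" >&2; return 1 ;;
  esac
  printf '%s=%s\n' "$1" "$2" >> "${GITHUB_ENV:?GITHUB_ENV is not set}"
}

# Usage after each auth-k8s step (assumes this file is sourced in the step):
#   ROOT_KUBECONFIG=$(append_kubeconfig "${ROOT_KUBECONFIG:-}" "$KUBECONFIG")
#   persist_env ROOT_KUBECONFIG "$ROOT_KUBECONFIG"
# After the last login:
#   persist_env KUBECONFIG "$ROOT_KUBECONFIG"
```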
