Fix filepath issue for client files

[remyguercio]

The following fix didn't make it through the refactor: tailscale/tailscale@e296a6b

In the current setup, files will be written to the home directory of the user running tsidp.

[mostlygeek]

I tested this on OSX and linux. Please confirm is this is the expected behaviour.

When running the server with a -dir <statedir> flag, all the tsnet state files, oidc-funnel-clients.json and oidc-key.json is written to <statedir>.

---

When starting the server without a -dir flag:

On Linux:

$ TS_AUTH_KEY=tskey-auth-X TAILSCALE_USE_WIP_CODE=1 TSNET_FORCE_LOGIN=1 ./tsidp-server-linux-amd64-2025-09-10-91826 -local-port 9313
2025/09/10 14:32:06 tsnet running state path /home/mostlygeek/.config/tsnet-tsidp-server-linux-amd64-2025-09-10-91826/tailscaled.state
2025/09/10 14:32:06 tsnet starting with hostname "idp", varRoot "/home/mostlygeek/.config/tsnet-tsidp-server-linux-amd64-2025-09-10-91826"
2025/09/10 14:32:06 LocalBackend state is NoState; running StartLoginInteractive...
2025/09/10 14:32:08 Running tsidp at https://idp-1.tsXXXX.ts.net ...
2025/09/10 14:32:08 Also running tsidp at http://localhost:9313 ...
2025/09/10 14:32:11 AuthLoop: state is Running; done

• oidc-key.json and oidc-funnel-clients.json defaults to $(pwd) in the case above: ~/tsidp-server
• tsnet state defaults to /home/mostlygeek/.config/tsnet-tsidp-server-linux-amd64-2025-09-10-91826

on OSX:

$ TS_AUTH_KEY=tskey-auth-X TAILSCALE_USE_WIP_CODE=1 TSNET_FORCE_LOGIN=1  go run . -hostname idp-migration -local-port 1931
2025/09/10 14:27:16 tsnet running state path /Users/mostlygeek/Library/Application Support/tsnet-tsidp/tailscaled.state
2025/09/10 14:27:16 tsnet starting with hostname "idp-migration", varRoot "/Users/mostlygeek/Library/Application Support/tsnet-tsidp"
2025/09/10 14:27:16 LocalBackend state is NoState; running StartLoginInteractive...
2025/09/10 14:27:18 Running tsidp at https://idp-migration-2.tsXXXX.ts.net ...
2025/09/10 14:27:18 Also running tsidp at http://localhost:1931 ...
2025/09/10 14:27:21 AuthLoop: state is Running; done

• oidc-key.json and oidc-funnel-clients.json defaults to $(pwd).
• tsnet state defaults to /Users/mostlygeek/Library/Application Support/tsnet-tsidp

I haven't tested it on Windows.