feat(api): add OAuth token fields and new provider types support

Add support for OAuth-based authentication with access/refresh tokens
and expiration tracking for API keys. Extend provider groups with
static headers configuration and headers profile options.

Changes include:
- Add AccessToken, RefreshToken, ExpiresAt, AccountID, ProjectID to APIKey model
- Add StaticHeaders and HeadersProfile to ProviderGroup model
- Add TokenRefresh configuration for background token management
- Support new provider types: ClaudeCode, Codex, GeminiCLI, Antigravity
- Update sync service to include new fields in provider snapshots

internal/dto/api_key.go

@@ -4,11 +4,16 @@ import "time"
 
 // APIKeyDTO defines inbound payload for API key creation/update.
 type APIKeyDTO struct {
-	GroupID   uint      `json:"group_id"`
-	APIKey    string    `json:"api_key"`
-	Weight    int       `json:"weight,omitempty"`
-	Status    string    `json:"status"`
-	AutoBan   *bool     `json:"auto_ban,omitempty"`
-	BanReason string    `json:"ban_reason,omitempty"`
-	BanUntil  time.Time `json:"ban_until,omitempty"`
+	GroupID     uint      `json:"group_id"`
+	APIKey      string    `json:"api_key"`
+	AccessToken string    `json:"access_token,omitempty"`
+	RefreshToken string   `json:"refresh_token,omitempty"`
+	ExpiresAt   time.Time `json:"expires_at,omitempty"`
+	AccountID   string    `json:"account_id,omitempty"`
+	ProjectID   string    `json:"project_id,omitempty"`
+	Weight      int       `json:"weight,omitempty"`
+	Status      string    `json:"status"`
+	AutoBan     *bool     `json:"auto_ban,omitempty"`
+	BanReason   string    `json:"ban_reason,omitempty"`
+	BanUntil    time.Time `json:"ban_until,omitempty"`
 }