* fix(auth): preserve token health after OAuth migration
After a user migrates from OAuth to a token/setup-token credential, the
gateway model-auth rollup reported the provider as missing, producing a
false "model auth expired" warning.
Rename aggregateOAuthStatus → aggregateRefreshableAuthStatus and
extract aggregateProfileStatus helper. OAuth remains authoritative when
present; token credentials are the fallback when no effective OAuth
profile exists. Empty effectiveProfiles stays authoritative (missing).
Token fallback applies regardless of expectsOAuth flag.
Fixes#97996
Co-authored-by: SunnyShu0925 <SunnyShu0925@users.noreply.github.com>
* test(auth): use fake token fixture
* fix(doctor): repair stale auth profile orders
* fix(doctor): inspect retained auth profile stores
* fix(doctor): harden retained auth store proof
---------
Co-authored-by: SunnyShu0925 <SunnyShu0925@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>