Fix Claude startup keychain pre-alert and single prompt flow

[ratulsarna]

Summary

• Fixes Claude OAuth startup bootstrap keychain flow so pre-alert is shown deterministically before startup keychain access.
• Keeps startup to a single interactive keychain attempt per load invocation.
• Removes startup pre-alert dependence on preflight outcome to avoid missing pre-alerts on setups where no-UI reads can still trigger system prompts.
• Preserves background sync behavior from fix(claude): sync OAuth cache on keychain changes #305 (no changes to sync policy/gating).

Root cause

On some macOS/keychain setups, the first no-UI keychain read can still present the system prompt.
Our previous logic showed the in-app pre-alert only when transitioning to the interactive fallback path, so users could still see a system prompt without any pre-alert.

Changes

• Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthCredentials.swift
  • Introduces bootstrap-specific keychain read helper flow with:
    • pre-alert shown before startup keychain access
    • silent-first read retained
    • at-most-one interactive attempt per bootstrap load
  • Adds focused startup diagnostics (silent success, interactive transition, interactive failure).
• Tests/CodexBarTests/ClaudeOAuthCredentialsStoreTests.swift
  • Updates/adds tests for:
    • pre-alert shown before startup keychain access
    • pre-alert on interactive transition
    • pre-alert behavior independent of preflight outcome
    • at-most-one interactive attempt per bootstrap load

Validation

• swift test
• swift test --filter ClaudeOAuthCredentialsStoreTests
• pnpm check
• ./Scripts/compile_and_run.sh

[ratulsarna]

Closing this PR for now. After end-to-end validation, this branch did not deliver deterministic Claude keychain UX (we still observed repeated startup prompts and inconsistent pre-alert behavior), and it added substantial complexity without a net reliability gain. We have moved back to main and updated keychain documentation to reflect current behavior. We can revisit with a narrower, fresh design if we choose to tackle this again.