[P1] Add timeouts, retries, and failure handling for outbound OAuth provider calls

[jjoonleo]

Problem

Outbound OAuth/provider HTTP calls use default HTTP clients without explicit connect/read timeouts, retries, or circuit breaker behavior.

Why this is not production ready

Default blocking calls can hang request threads when providers are slow or unreachable. Login/delete flows that call Google or Apple can degrade the whole service during provider incidents.

Evidence

• AppleLoginService creates new RestTemplate() and calls Apple keys/token/revoke endpoints.
• GoogleLoginService.revokeToken creates new RestTemplate() and calls Google's revoke endpoint.
• GoogleLoginService.verifyIdentityToken uses new NetHttpTransport() without an application-level timeout/retry policy.
• No retry, timeout, bulkhead, or circuit breaker configuration was found.

Required work

• Centralize HTTP client configuration for provider calls.
• Set connect/read timeouts appropriate for login flows.
• Add bounded retries only for safe transient failures.
• Add circuit breaker or provider-specific failure handling to avoid request-thread exhaustion.
• Return clear, structured errors to clients when provider calls fail.
• Add metrics for provider latency and failure rates.

Acceptance criteria

• Provider calls time out predictably and do not hang indefinitely.
• Login/revoke failures are logged safely with provider/error category but no secrets.
• Tests cover timeout/failure behavior using mocked provider clients.
• Metrics expose external provider latency and error counts.