feat(auth): add support for api keys

[EandrewJones]

Add x-api-key Auth Support

Summary

• Add apiKey config option to the core flagon-userale library that sends an x-api-key HTTP header with log requests
• Add auth mode selector (None / OAuth / API Key) to the browser extension options UI
• Fix existing bug where the extension stored an OAuth accessToken but never actually sent it to userale
• Fix setStoredOptions() validation bug that rejected partial updates (e.g. saving only apiKey would throw because allowList was undefined)

Changes

Core library (flagon-userale)

• src/types.d.ts — new ApiKey type, added to ConfigValueTypes union and Config interface
• src/configure.ts — new apiKey property on the Configuration singleton
• src/getInitialSettings.ts — apiKey in worker and browser default settings (reads data-api-key attribute)
• src/sendLogs.ts — sets x-api-key header in both sendLogs() and sendOnClose() when configured

Browser extension (flagon-userale-ext)

• src/utils/storage.ts — added apiKey and authMode fields to StoredOptions; fixed validation guard on partial updates
• src/options/auth.tsx — auth mode radio selector with conditional OAuth / API Key forms
• src/background/messages/config_change.ts — wires the selected auth mode to userale via userale.options()

Tests

• test/spec/sendLogs.spec.ts — x-api-key header present when set, absent when null, coexists with Authorization
• test/spec/configure.spec.ts — apiKey settable via config.update()

Test plan

• cd products/userale/packages/flagon-userale && pnpm test — all unit tests pass
• cd products/userale && pnpm build — core library and extension build cleanly
• pnpm lint — no new lint errors
• Load unpacked extension in Chrome, open options, select API Key mode, enter a key, save — verify x-api-key header appears on log POST requests in the Network tab
• Verify OAuth flow still works and sends Authorization: Bearer <token> header
• Verify "None" mode clears both auth headers