feat(oauth): add ATProto OAuth client with PKCE, DPoP, and PAR

Implements the core OAuth 2.1 client-side flow per ATProto spec: - PkceUtils: RFC 7636 code verifier/challenge generation (S256) - DpopProof: RFC 9449 DPoP proof JWT construction (ES256/P-256) - OAuthCallbackServer: localhost HTTP server for browser redirect - OAuthModels: serializable types for server metadata, PAR, tokens - OAuthManager: full flow orchestration (discovery, PAR, token exchange) All OAuth requests include DPoP proof headers. PAR is mandatory per ATProto spec. Token exchange includes PKCE code verifier. 👾 Generated with [Letta Code](https://letta.com) Co-Authored-By: Letta Code <noreply@letta.com>