fix(auth): add oauth-2025-04-20 beta header + debug logging

Ensure anthropic-beta includes oauth-2025-04-20 when using OAuth tokens,
fixing 401 "OAuth authentication is currently not supported" errors.
Add debug-level logging for upstream requests/responses, sniffed headers,
and token refresh operations.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

internal/auth/refresh.go

@@ -64,6 +64,13 @@ func RefreshToken(ctx context.Context, cred *Credential) error {
 	}
 	req.Header.Set("Content-Type", "application/json")
 
+	log.Debug().
+		Str("url", tokenEndpoint).
+		Str("grant_type", "refresh_token").
+		Str("client_id", clientID).
+		Str("scope", oauthScopes).
+		Msg("token refresh request")
+
 	resp, err := utlsClient.Do(req)
 	if err != nil {
 		return fmt.Errorf("execute request: %w", err)
@@ -71,6 +78,12 @@ func RefreshToken(ctx context.Context, cred *Credential) error {
 	defer resp.Body.Close()
 
 	body, _ := io.ReadAll(resp.Body)
+
+	log.Debug().
+		Int("status", resp.StatusCode).
+		Int("response_size", len(body)).
+		Msg("token refresh response")
+
 	if resp.StatusCode != http.StatusOK {
 		return fmt.Errorf("refresh returned %d: %s", resp.StatusCode, string(body))
 	}