Submit oauth secrets to vault DON

[timothyF95]

Summary

Completes the browser (--secrets-auth=browser) vault flow after platform OAuth: the CLI now submits the same digest-bound JSON-RPC body to the configured gateway with Authorization: Bearer, then parses the gateway response using the existing ParseVaultGatewayResponse path (create, update, delete, and list).

Previously, the flow stopped after token exchange and discarded the access token.

Changes

• GatewayClient: add PostWithBearer; HTTPClient implements it with Authorization: Bearer, retries on transport/read failures only (no on-chain allowlist retry semantics).
• executeBrowserUpsert: marshal the JSON-RPC request and pass requestBody into ExecuteBrowserVaultAuthorization so the POST matches the digest sent to createVaultAuthorizationUrl.
• ExecuteBrowserVaultAuthorization: new parameter requestBody []byte (validated non-empty); after code exchange, call postVaultGatewayWithBearer.
• postVaultGatewayWithBearer: POST + non-200 handling + ParseVaultGatewayResponse for all methods.
• cre secrets list / cre secrets delete (browser): pass the marshaled JSON-RPC body into ExecuteBrowserVaultAuthorization.
• mockGatewayClient: implement PostWithBearer by delegating to the existing post mock.
• Tests: PostWithBearer (success, empty token, non-200, transport retry), and postVaultGatewayWithBearer (create, list, non-200, invalid JSON).

Notes

Owner-key / allowlist flows are unchanged; they still use Post without Bearer.
End-to-end success still depends on the gateway and vault DON accepting JWT-backed requests.

[timothyF95]

cc: @prashantkumar1982