Separate Claude accounts by email and disable unavailable OpenCode source

[kargnas]

Summary

This PR fixes Claude account separation so OpenCode and Claude Code logins are recognized as distinct accounts by identity (account ID/email), and prevents unavailable OpenCode Claude auth from being shown as a lingering fallback row.

User Impact

Users with multiple Claude auth sources now see account rows separated by identity instead of collapsing into one entry. If OpenCode Claude auth is unavailable, it no longer appears as a misleading No usage data pseudo-account, and the provider degrades to an unavailable state consistently with other providers.

Root Cause

• Claude account dedupe depended on token/usage similarity and could collapse distinct identities.
• Keychain payload parsing assumed strict JSON, but Claude Code credentials can be stored in loose/hex-encoded formats.
• OpenCode auth fetch failures were converted into fallback account rows, so unavailable OpenCode auth still appeared in the menu.

Fix

• Added robust Claude identity resolution (/api/oauth/profile, /api/oauth/account) and dedupe by accountId/email fallback chain.
• Hardened keychain parsing for Claude Code credentials:
  • strict JSON parse
  • sanitized JSON fragment parse
  • hex-decoded payload parse
  • loose payload extraction for accessToken/email/accountId
• Updated menu labeling to show Claude email in quota rows and detail submenu.
• Changed Claude fallback behavior:
  • skip unavailable OpenCode source instead of keeping a fallback row
  • return authentication-unavailable status when no active Claude account remains

Validation

• make lint-swift (passes; existing unrelated trailing-comma warning in StatusBarController.swift)
• xcodebuild -project CopilotMonitor/CopilotMonitor.xcodeproj -scheme CopilotMonitor -configuration Debug build (succeeds)
• Runtime log verification confirms:
  • keychain recovery path is used for Claude Code credentials
  • Claude account discovery reports 2 accounts in multi-source setup
  • unavailable OpenCode fallback row is not retained

[op-gg-ai-devops]

Claude 프로바이더가 API를 통해 계정 이메일과 ID를 식별해 다중 계정 처리를 개선하고, TokenManager에 키체인 데이터 복구를 위한 하드코어한 파싱 로직을 추가했네.

---

ClaudeProvider에서 API 찔러서 계정 정보 직접 가져오는 건 멀티 계정 꼬임 방지에 아주 좋아. 근데 TokenManager에서 JSON 깨진 거 살리겠다고 정규식에 Hex 디코딩까지 동원한 건 로직이 너무 복잡해서, 예상치 못한 데이터 포맷 들어오면 터질 수도 있겠다. 테스트 빡세게 돌려서 검증하고, 로그에 이메일 같은 개인정보 막 찍히는 건 아닌지 보안 체크 한번 해라.

---

이건 그냥 맛보기 리뷰야.
버그랑 보안 취약점까지 탈탈 털어주는 상세 리뷰를 원하면 댓글에 @opgginc/op-gg-ai-devops 리뷰해줘라고 쓰거나, 리뷰어에 @opgginc/op-gg-ai-devops 팀을 추가해.