Add CI-safe OAuth provider E2E flow with mock server

[penso]

Summary

• add a dedicated oauth Playwright project and webServer wiring
• add e2e/start-gateway-oauth.sh to boot gateway with isolated runtime paths and OAuth env overrides
• add e2e/mock-oauth-server.js implementing authorize/token endpoints with PKCE validation plus call inspection/config/reset endpoints
• add e2e/specs/oauth.spec.js covering provider visibility, successful PKCE browser flow, state mismatch rejection, disconnect flow, token-exchange failure handling, and callback parameter validation
• include implementation plan document under plans/e2e-tests-oauth-provider-connection.md

Validation

• biome check crates/gateway/ui/e2e/mock-oauth-server.js crates/gateway/ui/e2e/specs/oauth.spec.js crates/gateway/ui/playwright.config.js
• cd crates/gateway/ui && npx playwright test --project=oauth

Notes

• this PR implements Approach 1 (mock OAuth server) from the plan; refresh-path E2E coverage is still a follow-up item.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[codspeed-hq]

Merging this PR will improve performance by ×2.4

⚡ 1 improved benchmark
✅ 33 untouched benchmarks
⏩ 1 skipped benchmark¹

Performance Changes

	Benchmark	BASE	HEAD	Efficiency
⚡	session_store_list[10]	39 µs	16.3 µs	×2.4

---

_{Comparing e2e-tests-oauth-provider (d730ba5) with main (45cbf7c)}

Footnotes

1. 1 benchmark was skipped, so the baseline result was used instead. If it was deleted from the codebase, click here and archive it to remove it from the performance reports. ↩