[codex] Use background agent task auth for backend calls (#18094)

## Summary

Introduces a single background/control-plane agent task for ChatGPT
backend requests that do not have a thread-scoped task, with
`AuthManager` owning the default ChatGPT backend authorization decision.

Callers now ask `AuthManager` for the default ChatGPT backend
authorization header. `AuthManager` decides whether that is bearer or
background AgentAssertion based on config/internal state, while
low-level bootstrap paths can explicitly request bearer-only auth.

This PR is stacked on PR4 and focuses on the shared background task auth
plumbing plus the first tranche of backend/control-plane consumers. The
remaining callsite wiring is split into PR4.2 to keep review size down.

## Stack

- PR1: https://github.com/openai/codex/pull/17385 - add
`features.use_agent_identity`
- PR2: https://github.com/openai/codex/pull/17386 - register agent
identities when enabled
- PR3: https://github.com/openai/codex/pull/17387 - register agent tasks
when enabled
- PR3.1: https://github.com/openai/codex/pull/17978 - persist and
prewarm registered tasks per thread
- PR4: https://github.com/openai/codex/pull/17980 - use task-scoped
`AgentAssertion` for downstream calls
- PR4.1: this PR - introduce AuthManager-owned background/control-plane
`AgentAssertion` auth
- PR4.2: https://github.com/openai/codex/pull/18260 - use background
task auth for additional backend/control-plane calls

## What Changed

- add background task registration and assertion minting inside
`codex-login`
- persist `agent_identity.background_task_id` separately from
per-session task state
- make `BackgroundAgentTaskManager` private to `codex-login`; call sites
do not instantiate or pass it around
- teach `AuthManager` the ChatGPT backend base URL and feature-derived
background auth mode from resolved config
- expose bearer-only helpers for bootstrap/registration/refresh-style
paths that must not use AgentAssertion
- wire `AuthManager` default ChatGPT authorization through app listing,
connector directory listing, remote plugins, MCP status/listing,
analytics, and core-skills remote calls
- preserve bearer fallback when the feature is disabled, the backend
host is unsupported, or background task registration is not available

## Validation

- `just fmt`
- `cargo check -p codex-core -p codex-login -p codex-analytics -p
codex-app-server -p codex-cloud-requirements -p codex-cloud-tasks -p
codex-models-manager -p codex-chatgpt -p codex-model-provider -p
codex-mcp -p codex-core-skills`
- `cargo test -p codex-login agent_identity`
- `cargo test -p codex-model-provider bearer_auth_provider`
- `cargo test -p codex-core agent_assertion`
- `cargo test -p codex-app-server remote_control`
- `cargo test -p codex-cloud-requirements fetch_cloud_requirements`
- `cargo test -p codex-models-manager manager::tests`
- `cargo test -p codex-chatgpt`
- `cargo test -p codex-cloud-tasks`
- `just fix -p codex-core -p codex-login -p codex-analytics -p
codex-app-server -p codex-cloud-requirements -p codex-cloud-tasks -p
codex-models-manager -p codex-chatgpt -p codex-model-provider -p
codex-mcp -p codex-core-skills`
- `just fix -p codex-app-server`
- `git diff --check`

Commit 904c751a40 (parent e1c289e11b) by Adrian, committed by GitHub, 2026-04-20 06:50:28 -07:00.
23 changed files with 1297 additions and 149 deletions.


@@ -16,15 +16,18 @@ pub use mcp::ToolPluginProvenance;
pub use mcp::canonical_mcp_server_key;
pub use mcp::collect_mcp_server_status_snapshot;
pub use mcp::collect_mcp_server_status_snapshot_with_detail;
pub use mcp::collect_mcp_server_status_snapshot_with_detail_and_authorization_header;
pub use mcp::collect_mcp_snapshot;
pub use mcp::collect_mcp_snapshot_from_manager;
pub use mcp::collect_mcp_snapshot_from_manager_with_detail;
pub use mcp::collect_mcp_snapshot_with_detail;
pub use mcp::collect_mcp_snapshot_with_detail_and_authorization_header;
pub use mcp::collect_missing_mcp_dependencies;
pub use mcp::compute_auth_statuses;
pub use mcp::configured_mcp_servers;
pub use mcp::discover_supported_scopes;
pub use mcp::effective_mcp_servers;
pub use mcp::effective_mcp_servers_with_authorization_header;
pub use mcp::group_tools_by_server;
pub use mcp::mcp_permission_prompt_is_auto_approved;
pub use mcp::oauth_login_support;
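
Review bot: The three new re-exports in this hunk (`collect_mcp_server_status_snapshot_with_detail_and_authorization_header`, `collect_mcp_snapshot_with_detail_and_authorization_header`, `effective_mcp_servers_with_authorization_header`) sit beside the header-less originals, which stay exported, so nothing at this API surface steers a caller toward the variant that carries the `AuthManager`-chosen header. Each one should get a doc comment saying that the header is expected to come from `AuthManager` and what the function does when none is supplied, and the header-less versions should say when they are still the right call. The signatures are not visible here; if the parameter is a plain string, consider a small wrapper type whose `Debug` output redacts the value, since it will hold either a bearer token or an AgentAssertion. The `_with_detail_and_authorization_header` suffix also suggests the variants are multiplying; an options struct on the existing functions would stop the next parameter from doubling the exports again.
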
@@ -34,6 +37,7 @@ pub use mcp::should_retry_without_scopes;
pub use mcp::split_qualified_tool_name;
pub use mcp::tool_plugin_provenance;
pub use mcp::with_codex_apps_mcp;
pub use mcp::with_codex_apps_mcp_with_authorization_header;
pub use mcp_connection_manager::CodexAppsToolsCacheKey;
pub use mcp_connection_manager::DEFAULT_STARTUP_TIMEOUT;
pub use mcp_connection_manager::MCP_SANDBOX_STATE_META_CAPABILITY;
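
Review bot: `with_codex_apps_mcp_with_authorization_header` is exported next to `with_codex_apps_mcp`, and the doubled `with_..._with_...` name reads awkwardly and does not tell a caller which of the two to prefer. The PR summary says callers should take the default ChatGPT authorization from `AuthManager`, so either document on `with_codex_apps_mcp` that it is for the bearer-only or fallback path, or mark it deprecated once PR4.2 has moved the remaining call sites. A shorter name such as `with_codex_apps_mcp_authorized` would also be easier to scan in this list.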