refactor: add SourceControlProvider interface for GitHub (#68)

* refactor: add SourceControlProvider interface for GitHub

Introduces a pluggable abstraction for source control platforms
(GitHub, with future support for GitLab/Bitbucket) through the
SourceControlProvider interface.

Changes:
- Add source-control module with types, errors, and token manager
- Implement GitHubSourceControlProvider with getRepository(),
  createPullRequest(), and generatePushAuth() methods
- Refactor handleCreatePR in SessionDO to use the new provider
- Organize files: types.ts, errors.ts, providers/constants.ts,
  providers/types.ts following codebase conventions

The provider properly handles merged PR state detection and fails
early when push auth generation fails (rather than attempting a
doomed push).

* refactor: remove TokenManager coupling from SourceControlProvider

Move token decryption to the session layer where it belongs:
- Remove SourceControlTokenManager interface and token-manager.ts
- Simplify SourceControlAuthContext to use plain token instead of encrypted
- Session layer now decrypts tokens before calling provider methods
- Provider is now a pure API client with no encryption concerns

This improves separation of concerns:
- Session layer: storage, encryption, token refresh
- Provider: API calls with plain tokens

Also simplifies testing - providers can be tested with plain token strings
without needing to mock encryption.

* refactor: remove unused SourceControlProviderCapabilities

Remove speculative generality - capabilities were declared but never
checked anywhere in the codebase. Following YAGNI: add capability
checks when a second provider (GitLab/Bitbucket) is actually implemented.

* chore: delete orphaned auth/pr.ts

File was not imported anywhere after migration to SourceControlProvider.
Functions like getPullRequestByHead, updatePullRequest, addPRComment
can be added to the provider interface if needed in the future.

* docs: clarify auth model in SourceControlProvider interface

Add section comments distinguishing user-authenticated operations
(getRepository, createPullRequest) from app-authenticated operations
(generatePushAuth). Explains why generatePushAuth() doesn't take an
auth parameter - it uses app credentials configured at construction.

* fix: add timeout protection to GitHub provider fetch calls

Use fetchWithTimeout (60s timeout) instead of raw fetch() to prevent
hung GitHub API requests from blocking the Durable Object indefinitely.
Consistent with existing pattern in auth/github-app.ts.

Author: ColeMurray

packages/control-plane/src/auth/github-app.ts

@@ -12,10 +12,10 @@
 import type { InstallationRepository } from "@open-inspect/shared";
 
 /** Timeout for individual GitHub API requests (ms). */
-const GITHUB_FETCH_TIMEOUT_MS = 60_000;
+export const GITHUB_FETCH_TIMEOUT_MS = 60_000;
 
 /** Fetch with an AbortController timeout. */
-function fetchWithTimeout(
+export function fetchWithTimeout(
   url: string,
   init: RequestInit,
   timeoutMs = GITHUB_FETCH_TIMEOUT_MS