v0.40.3

Pre-release

@docker-read-write docker-read-write released this 20 Mar 17:33
c72db92
Fallback se:// URI generation when secrets engine is unreachable (#448)

* Fallback se:// URI generation when secrets engine is unreachable

When GetSecrets() fails (e.g. MSIX-sandboxed Claude Desktop on Windows
cannot follow AF_UNIX reparse points to the WSL2 secrets engine socket),
generate se:// URIs for all declared secrets instead of silently setting
them to <UNKNOWN>. Docker Desktop resolves se:// URIs at container runtime
via named pipes, which are unaffected by MSIX restrictions.

Also log the GetSecrets() error instead of silently discarding it.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Address PR feedback: handle OAuth secrets in fallback path

Refactored into separate functions for clarity:
- buildFallbackURIs: generates se:// URIs for all declared secrets when
  the secrets engine is unreachable (OAuth preferred when configured)
- buildVerifiedURIs: generates se:// URIs only for secrets that exist
  in the store (OAuth checked first, then direct secret)
- oauthMapping: shared helper for OAuth provider lookup

When GetSecrets() fails (e.g. MSIX sandbox on Windows), the fallback
generates URIs for everything and lets Docker Desktop resolve at runtime.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
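
The verified and fallback paths described in the commit message, sketched as an added example; this is not the project's code. The `Secret` type, the `resolve` wrapper, the `oauth/` key prefix and the `se://` path layout are assumptions made for illustration, and the function signatures are hypothetical even where the names match the commit message.

```go
package main

import (
	"errors"
	"log"
)

// Secret is a hypothetical declaration; OAuth is empty when no provider is mapped.
type Secret struct{ Name, OAuth string }

// buildVerifiedURIs emits se:// URIs only for entries present in the store,
// checking the OAuth entry first, then the direct secret. Key layout is assumed.
func buildVerifiedURIs(declared []Secret, store map[string]bool) map[string]string {
	out := map[string]string{}
	for _, s := range declared {
		if k := "oauth/" + s.OAuth; s.OAuth != "" && store[k] {
			out[s.Name] = "se://" + k
		} else if store[s.Name] {
			out[s.Name] = "se://" + s.Name
		}
	}
	return out
}

// buildFallbackURIs emits a URI for every declared secret, OAuth preferred.
func buildFallbackURIs(declared []Secret) map[string]string {
	out := map[string]string{}
	for _, s := range declared {
		out[s.Name] = "se://" + s.Name
		if s.OAuth != "" {
			out[s.Name] = "se://oauth/" + s.OAuth
		}
	}
	return out
}

// resolve logs a listing failure instead of discarding it, then falls back.
func resolve(declared []Secret, list func() (map[string]bool, error)) map[string]string {
	store, err := list()
	if err != nil {
		log.Printf("secrets engine unreachable, using fallback URIs: %v", err)
		return buildFallbackURIs(declared)
	}
	return buildVerifiedURIs(declared, store)
}

func main() { // constructed sample: listing fails, so both secrets get a URI
	down := func() (map[string]bool, error) { return nil, errors.New("socket unreachable") }
	log.Println(resolve([]Secret{{"API_KEY", ""}, {"GH_TOKEN", "github"}}, down))
}
```

In this sketch the fallback map can contain URIs for secrets that are not in the store, because nothing was checked; the logged error is the only record that the verified path was skipped.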