fix(patch): align Zoho OAuth with OIDC standard

* Submodule correct at `f09672d`, `remote-v0.1.49` tagged. Pipeline will build the image with the improved Zoho error logging.

Once deployed, try the Zoho sign-in again. The server logs will now show the actual Zoho error message, e.g.:
```
"zoho token exchange failed (HTTP 400): {"error":"invalid_code"}"
```

Check with:
```bash
kubectl logs deployment/<release>-vibe-kanban-team -n <namespace> --tail=50 | grep zoho
```

That will tell us exactly what Zoho is rejecting and we can fix the root cause.

* fix(patch): align Zoho OAuth with OIDC standard (match Coder's working flow)

- Token exchange: use client_secret_basic (HTTP Basic Auth) instead of
  client_secret_post (form body) — matches Go's oauth2 library default
- Userinfo endpoint: /oauth/v2/userinfo (OIDC standard) instead of
  /oauth/user/info (legacy Zoho API)
- Auth header: Bearer token (standard) instead of Zoho-oauthtoken (proprietary)
- Response parsing: OIDC claims (sub, email, name, given_name, family_name,
  picture) instead of legacy Zoho fields (ZUID, Email, Display_Name)
- Refresh token: also use client_secret_basic
- Error logging: read response body before status check for clear error messages

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Riajul Islam <riajul@kahf.co>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: 3 people