feat: add OAuth2 server settings card and update SDK

[HarshMN2345]

• New updateOAuth2Server.svelte card in project settings for configuring the project as an OAuth2 authorization server (enabled toggle, authorization URL, scopes, per-client-type token durations, PKCE enforcement)
• Add ProjectUpdateOAuth2Server analytics event
• Fix enum renames introduced by SDK bump: Status→ProjectStatus, StatusCode→RedirectStatusCode, Adapter→SiteAdapter, BuildRuntime→SiteBuildRuntime, Framework→SiteFramework, Runtime→FunctionRuntime, Scopes→ProjectKeyScopes, Addon→OrganizationAddon

What does this PR do?

Test Plan

(Write your test plan here. If you changed any code, please provide us with clear instructions on how you verified your changes work.)

Related PRs and Issues

(If this PR is related to any other PR or resolves any issue or related to any issue link all related PR and issues here.)

Have you read the Contributing Guidelines on issues?

(Write your answer here.)

[greptile-apps]

Greptile Summary

This PR adds a new OAuth2 authorization server settings card to the project settings page, gated behind a oauth2-server feature flag, and bumps the internal SDK to pick up enum renames across the codebase.

• updateOAuth2Server.svelte introduces a full configuration form (enabled toggle, authorization URL, scopes via tags, per-client-type access/refresh token durations with unit selectors, and PKCE enforcement). Previously flagged issues — misleading success notification, missing min={1} guards on duration inputs, and the scopes empty-array-to-undefined silent no-op — are all resolved in this version.
• The SDK bump (9786d91 → 5c7f8e5) renames several enums (Status→ProjectStatus, Runtime→FunctionRuntime, etc.); the corresponding import sites are updated throughout the codebase.
• One remaining question: all four token duration fields use value ?? undefined before the API call, which omits the field entirely when a user clears the input. Depending on whether the backend treats an absent field as "clear" or "no change", this could prevent users from unsetting a previously-saved duration.

Confidence Score: 5/5

Safe to merge; the change is entirely additive and feature-flagged, so no existing project settings are affected until the flag is enabled.

The new OAuth2 settings card is isolated behind a flag, all previously identified defects are fixed, and the rest of the touched files (analytics, flags, page layout, lock file) are straightforward additions following established patterns.

updateOAuth2Server.svelte deserves a second look on the null ?? undefined duration handling once the backend API contract for that field is confirmed.

Important Files Changed

Filename	Overview
src/routes/(console)/project-[region]-[project]/settings/updateOAuth2Server.svelte	New OAuth2 server settings card; success message, min-validation, and scopes-clearing issues from prior review are all resolved; a minor question remains around whether null durations are sent as absent (undefined) rather than explicitly cleared.
src/routes/(console)/project-[region]-[project]/settings/+page.svelte	Adds feature-flagged rendering of UpdateOAuth2Server component with correct flag evaluation pattern using account and organization stores.
src/lib/flags.ts	Adds oauth2Server feature flag following the same pattern as existing flags.
src/lib/actions/analytics.ts	Adds ProjectUpdateOAuth2Server analytics event; follows existing naming convention.
package.json	SDK bumped to hash 5c7f8e5 to pick up enum renames needed by this feature.

_{Reviews (8): Last reviewed commit: "chore: bump SDK to 666231b, fix enum ren..." | Re-trigger Greptile}