[MCP] Add the ability to explicitly specify a credentials store

[gpeal]

This lets users/companies explicitly choose whether to force/disallow the keyring/fallback file storage for mcp credentials.

People who develop with Codex will want to use this until we sign binaries or else each ad-hoc debug builds will require keychain access on every build. I don't love this and am open to other ideas for how to handle that.

mcp_oauth_credentials_store = "auto"
mcp_oauth_credentials_store = "file"
mcp_oauth_credentials_store = "keyrung"

Defaults to auto

[gpeal]

@codex review this

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. More of your lovely PRs please.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting

• @codex fix this CI failure
• @codex address that feedback

[bolinfest]

This implies we are guaranteed to support only one keyring service per OS. Does that feel future-proof?

[gpeal]

I think we could achieve that with a second level field like keyring_provider but it's hard to know exactly what we'll want in the future here.

[bolinfest]

I find it a bit hard to follow why some functions take a KeyringStore and others inline RealKeyringStore.

I would expect taking it as a param (or expanding the trait to have more methods, which can have default implementations) to be more common.

[gpeal]

The public one doesn't take a store, then there is an internal wrapper that takes the store as a param so the public API can pass in the default impl while tests can pass in a mock. tl;dr it's for unit tests.