feat(provider): github copilot provider

[watermarkhu]

Brings GitHub Copilot provider support to cc-switch-cli with full parity to the farion1231/cc-switch desktop app. Adds device-code OAuth login,
per-request JWT injection in the proxy, the optimizer that keeps premium-quota usage sane, and live model-ID normalization.

Mirrors upstream commits 8ccfbd36 (initial Copilot proxy), 25136871
(optimizer), 87635e7f (GHES), 63aa3105 (strip thinking),
fcd83ee3 (live /models resolution).

What's new

cc-switch copilot login    [--domain <GHES>] [--no-provider]
cc-switch copilot logout   [--account-id <ID>]
cc-switch copilot accounts
cc-switch copilot set-default <ACCOUNT_ID>
cc-switch copilot status

Plus a "GitHub Copilot" template in the TUI / interactive provider add flow.

Request flow

1. copilot login → device-code OAuth → ~/.cc-switch/copilot_auth.json (v3 multi-account, 0o600).
2. provider switch <copilot-id> → ~/.claude/settings.json gets PROXY_MANAGED placeholder + local proxy URL. Real JWT never hits disk.
3. Per request: proxy detects meta.providerType == "github_copilot", normalizes model IDs, runs optimizer pipeline (classify → sanitize → merge → strip-thinking → warmup-downgrade), swaps
   PROXY_MANAGED for a real JWT via CopilotService::get_valid_token_for_account, injects fingerprint + optimizer headers (Editor-Version, x-initiator, x-request-id, etc.), forwards to
   api.githubcopilot.com or the GHES endpoint.
4. Defense: reject_proxy_placeholder_for_managed_account_upstream blocks Bearer PROXY_MANAGED from ever reaching Copilot.

Ports from upstream

File	Source
proxy/copilot_optimizer.rs (new, 1543 lines)	upstream — verbatim
proxy/providers/copilot_model_map.rs (new, 374 lines)	upstream — verbatim
services/copilot.rs (new)	modeled on services/codex_oauth.rs and commands/copilot.rs
proxy/types.rs — CopilotOptimizerConfig	upstream types.rs#L278-L327
proxy/forwarder/request_builder.rs rewrite	upstream forwarder.rs#L960-L1084, placeholder guard from #L2184

Resolves #91

[SaladDay]

Heads up: main now has the shared managed-proxy foundation from the Codex work in 1cd7eb55.

The Copilot implementation can reuse the Managed Accounts entry, auth-binding/provider metadata flow, request-time managed-token path, daemon-owned proxy workers, and TUI restart state capture instead of adding a parallel lifecycle/auth surface. Copilot-specific OAuth/JWT/optimizer behavior still needs its own review.

[SaladDay]

Thanks @watermarkhu for the detailed Copilot provider work and the upstream references.

GitHub Copilot provider/proxy support has now landed in main and shipped in v5.8.0 through the maintained implementation path. It includes managed Copilot auth, model normalization, request routing, and the request optimizer.

I am closing this PR as superseded by the merged mainline implementation, not because the feature request was rejected. Thanks again for pushing this forward.

[watermarkhu]

Good to see it landed ♥️