feat: add Google Vertex AI service account JSON authentication

[sandys]

Add support for authenticating to Google Vertex AI using service account JSON credentials, with proper credential separation from regular Google (Gemini) API keys.

Google Cloud actively makes it hard to use api keys with Vertex - with a complicated permission grant structure. The preferred mechanism is service accounts with json tokens. Not supporting it is a huge problem.

Changes:

• Add service account JSON auth flow in CLI (opencode auth login)
• Add TUI dialog for pasting service account JSON with location input
• Update provider loaders to use stored credentials with googleAuthOptions
• Explicitly set key: undefined and apiKey: null in Vertex loaders to prevent credential leakage from other providers
• Rename "Vertex" to "Google Vertex AI" consistently across UI:
  • /connect menu
  • Model selection dialog
  • Status bar below text entry
• Add comprehensive tests verifying credential separation between google, google-vertex, and google-vertex-anthropic providers

The three providers (google, google-vertex, google-vertex-anthropic) are now completely independent and can be configured simultaneously without credentials leaking between them.

for issues #5712 #6280 #5711 #3586 #5097 #4282 #272 #553 #402 #1204