feat: Allow hard-coded redirect URL

[jpage-godaddy]

The external CLI's OAuth clients are configured to only allow callback URLs that contain a specific port & "localhost" (not 127.0.0.1) as the hostname. Allow that to be specified to avoid the OAuth webpage showing a 403 error.

#authz-support thread for context.

[Copilot]

Pull request overview

Adds an optional with_redirect_uri builder to PkceAuthProvider so the OAuth redirect_uri sent to the authorization server (and used during code exchange) can be overridden — e.g., to use http://localhost:{port}/callback for OAuth clients that allowlist localhost instead of 127.0.0.1. The local callback listener still binds to 127.0.0.1; only the port and callback path are derived from the configured URI, and wait_for_callback now validates the request path against the configured callback path.

Changes:

• New redirect_uri: Option<String> field with with_redirect_uri builder, plus effective_redirect_uri/parse_redirect_uri helpers used in both run_pkce_flow and exchange_code_for_token.
• wait_for_callback takes an expected_path argument and returns 404 for non-matching paths, with a new extract_request_path helper.
• Unit tests covering default URI, override behavior, port/path parsing, and request path extraction.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.