prioritize custom auth headers & prevent automatic overwrite in remote providers

[RaajeevChandran]

Summary

This PR fixes an authentication bug where manually provided Authorization headers (defined in Advanced > Custom Headers) were being silently overwritten by the automatic Bearer token generation during chat requests. This was causing HTTP 401 errors for providers like OpenRouter that require specific header configurations.

Changes

• Updated RemoteProvider.resolvedHeaders() to only apply default authentication headers if the user hasn't already provided a custom override for that specific header.

• Applied the same prioritization logic to the "Test Connection" method in RemoteProviderManager to ensure the settings test accurately reflects actual chat behavior.

• Also improved compatibility for Anthropic (x-api-key) and Gemini (x-goog-api-key) by ensuring their automatic headers also respect manual overrides.

• Behavior change

• UI change (screenshots below)

• Refactor / chore

• Tests

• Docs

Test Plan

• Add OpenRouter as a provider and specify a custom Authorization header in Advanced > Custom Headers. Verify the request uses the manual header instead of the default Bearer format.
• Confirm that both the "Test Connection" button in Settings and actual Chat completions succeed with the same custom header configuration.
• Verify that custom x-api-key (Anthropic) and x-goog-api-key (Gemini) headers are also respected as manual overrides
• Ensure that custom headers marked as "Secret" are correctly retrieved and applied during chat sessions.

Checklist

• I have read CONTRIBUTING.md
• I added/updated tests where reasonable
• I updated docs/README as needed
• I verified build on macOS with Xcode 16.4+