feat: Datum Cloud authentication and client

[Frando]

This adds a Datum Cloud client with authentication over OpenID Connect.

• Adds AuthClient that can authenticate against the Datum Cloud OpenID Connect server
  • Allow to pass in previously persisted access tokens
  • If no tokens are passed in, opens the auth URL in the default browser, starts a localhost HTTP server to wait for the OAuth redirect, and then exchanges the authorization code for ID and access tokens
  • Support refreshing the access tokens via the returned refresh token
• Adds DatumCloudClient that, for now, supports fetching a user's organizations and projects
• Persists auth tokens and user profile to a oauth.yml file in the repo
• Adds a login example that demonstrates the full flow:

$ cargo run --example login
repo location: /tmp/datum-cloud-example-login
2026-01-08T08:56:10.600949Z  INFO lib::repo: opening repo at /tmp/datum-cloud-example-login
2026-01-08T08:56:12.028858Z  INFO lib::datum_cloud::auth: login succesfull email=<redacted> expires_at=2026-01-08 20:56:11 UTC
user logged in!
access token expires at 2026-01-08 20:56:11 UTC
profile: UserProfile { user_id: "351629427387406095", email: <redacted>, first_name: Some("Franz"), last_name: Some("Heinzmann") }
org: Organization { resource_id: "n0-team-org-qnusgb", display_name: "n0-team-org", type: "Standard" }
    project: Project { resource_id: "foobar-o7ni3v", display_name: "foobar" }
    project: Project { resource_id: "helloworld-yq8uun", display_name: "helloworld" }
org: Organization { resource_id: "personal-org-e4ed1423", display_name: "Franz Heinzmann's Personal Org", type: "Personal" }
    project: Project { resource_id: "testing-szrsaf", display_name: "testing" }