Custom providers now validate their keys before you trust them

The Kaji Agent custom provider flow now validates Azure-style custom provider keys and shows the validation state in settings. Bad provider setup should be caught earlier, with clearer feedback before an agent run fails later.

• Added KajiAgentCustomProviderValidation model support
• Added KajiAgentCustomProviderValidationStatusView
• Updated custom provider editor, row, and settings section with validation state
• Updated KajiAgentStore to request and surface provider validation
• Added Swift tests for custom provider validation

Runtime-side provider validation was split into focused modules

The TypeScript runtime side now separates provider config, secrets, types, and validation logic, making the custom-provider path easier to test and extend.

• Added custom-provider-validation, custom-provider-secrets, and custom-provider-types modules
• Updated runtime RPC types and client/server handling for validation requests
• Added runtime tests for custom provider validation
• Bumped Kaji to 0.2.9