refactor(cred_proxy): flat routes, role-driven provisioning (PRD 0010)

Replace bottle.tokens (with Kind enum and hardcoded per-kind
route/auth tables) with bottle.cred_proxy.routes — each route
declares its own path, upstream, auth_scheme, token_ref, and
optional role[]. The manifest is now the source of truth for the
proxy's runtime route table; adding an upstream is a manifest edit,
not a code change.

Agent-side rewrites move from per-kind dispatch to per-role tags
on routes:
  anthropic-base-url -> set ANTHROPIC_BASE_URL=<proxy><path>
  npm-registry       -> write ~/.npmrc registry=
  git-insteadof      -> write ~/.gitconfig [url] insteadOf, keyed
                        off route.upstream (suppressed when
                        bottle.git brokers the same host)
  tea-login          -> add a ~/.config/tea/config.yml login

Roles are a list (string accepted as sugar). A gitea route
typically carries ["git-insteadof", "tea-login"]. Singleton roles
(anthropic-base-url, npm-registry) appear on at most one route.

token_env slots are assigned per distinct TokenRef in declaration
order — two routes sharing a token_ref (e.g. github API + git
endpoints) share a slot.

Drops: TOKEN_KINDS, _KIND_ROUTES, _KIND_AUTH_SCHEME, _TOKEN_DEFAULT_HOST,
cred_proxy_route_path_for_gitea, the kind field on CredProxyUpstream,
and the kind-based hardcoding in pipelock_token_hosts (now derives
from route.UpstreamHost).

Legacy bottle.tokens manifests now die with a hint pointing at
bottle.cred_proxy.routes + this PRD. Tests rewritten end-to-end.
Docs + example.json + the dev ~/claude-bottle.json updated to match.

claude_bottle/backend/docker/bottle_plan.py

@@ -107,16 +107,11 @@ class DockerBottlePlan(BottlePlan):
         else:
             info("  git remotes   : (none)")
         if self.cred_proxy_plan.upstreams:
-            kinds: list[str] = []
-            seen: set[str] = set()
-            for u in self.cred_proxy_plan.upstreams:
-                key = u.kind if u.kind != "gitea" else f"gitea ({u.upstream})"
-                if key in seen:
-                    continue
-                seen.add(key)
-                kinds.append(key)
+            routes = [f"{u.path}→{u.upstream}" for u in self.cred_proxy_plan.upstreams]
             refs = sorted({u.token_ref for u in self.cred_proxy_plan.upstreams})
-            info(f"  cred-proxy    : {', '.join(kinds)}; tokens: {', '.join(refs)}")
+            info(f"  cred-proxy    : {len(routes)} route(s); tokens: {', '.join(refs)}")
+            for line in routes:
+                info(f"                  {line}")
         else:
             info("  cred-proxy    : (none)")
         info(f"  egress        : {self.allowlist_summary}")
@@ -153,11 +148,11 @@ class DockerBottlePlan(BottlePlan):
             ],
             "cred_proxy": [
                 {
-                    "kind": u.kind,
                     "path": u.path,
                     "upstream": u.upstream,
                     "auth_scheme": u.auth_scheme,
                     "token_ref": u.token_ref,
+                    "roles": list(u.roles),
                 }
                 for u in self.cred_proxy_plan.upstreams
             ],