feat: Implement GitHub Copilot OAuth device-flow authentication

[LegendEvent]

Problem

Strix currently does not support GitHub Copilot-backed models. To use Copilot models, we need to implement OAuth device-flow authentication similar to VS Code's Copilot integration.

Proposed Solution

Implement a new authentication module strix/llm/copilot_auth.py that:

1. OAuth Device Flow: Initiate GitHub's OAuth device-flow to obtain a refresh token without requiring a web-based login flow that blocks CI/CD.
2. Token Management: Store refresh tokens securely at $XDG_CONFIG_HOME/strix/copilot_auth.json (or ~/.config/strix/copilot_auth.json).
3. Token Exchange: Exchange refresh tokens for short-lived access tokens via GitHub's Copilot API.
4. Non-interactive Support: Allow CI/CD environments to provide pre-provisioned tokens via environment variables:
   • STRIX_COPILOT_ACCESS: ready-to-use access token
   • STRIX_COPILOT_TOKEN: refresh token to be exchanged
   • STRIX_COPILOT_ENTERPRISE: enterprise domain (optional)
5. Enterprise Support: Support enterprise Copilot deployments with custom domains.

Implementation Details

See PR #224 for the complete implementation, which includes:

• New module strix/llm/copilot_auth.py with device flow, token storage, and exchange logic
• Integration with strix/llm/llm.py to use Copilot tokens when STRIX_LLM starts with github-copilot/
• CLI support via --non-interactive flag that respects env vars and fails fast without them
• Unit tests for auth flows and env var handling
• Documentation in README.md

Testing

• Unit tests verify env var paths and non-interactive fail-fast behavior
• Tests pass under Poetry
• Pre-commit hooks (ruff, mypy, bandit) pass

Related

• PR: feat(ci): support STRIX_COPILOT_TOKEN/STRIX_COPILOT_ACCESS for non-interactive Copilot auth #224

[LegendEvent]

This feature was added with the assistance of AI (LLM).

[LegendEvent]

Marking issue #225 as duplicate of this issue (it had incorrect framing).