Provider-based authentication for Claude, Copilot, Codex.

[dsyme]

1. Our docs barely mention "CLAUDE_CODE_OAUTH_TOKEN" but it seems it is, in some sense, supported. But it's unclear how - the line

		"CLAUDE_CODE_OAUTH_TOKEN": "${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}",

seems to indicate that the CLAUDE_CODE_OAUTH_TOKEN should be stored as a secret but that should really be documented more

2. We need to consider provider-based auth for Claude and Codex and Copilot. The claude provider-based authetication is here: https://code.claude.com/docs/en/authentication#cloud-provider-authentication

If we do we will also need to reconsider a few things in gh aw secrets bootstrap and gh aw add-wizard and so on. For example, if we add a workflow that is clearly using provider-based authentication then we really don't need any secret at all for that particular workflow - but may need an APP_ID or similar.