Problem: the CSES API token was packed into the git credential
password field using a tab separator. This leaked session state
into the credential layer and broke with helpers that don't
differentiate by path (e.g. `cache`).
Solution: store the CSES token via `save_platform_cookies`/
`load_platform_cookies`, the same mechanism every other platform
uses for session state. Remove all token logic from
`git_credential.lua`. Git credential now stores only
`{username, password}` uniformly for all platforms.
Problem: the CSES API token was stored as a separate git credential
entry using `path=api-token`, but many credential helpers (e.g.
`cache`) ignore the `path` field, so the token was lost on
retrieval. The scraper `on_event` callback also called
`git_credential.store` from a `uv.spawn` fast event context,
causing `vim.wait` errors.
Solution: encode the CSES token into the password field as
`password<TAB>token` and decode on retrieval. One credential
entry per platform, no `path` dependency. Wrap `store` calls in
`scraper.lua` with `vim.schedule` to avoid fast event context.
Problem: if no git credential helper is configured, login and
submit silently fail to persist credentials.
Solution: add `has_helper()` to `git_credential.lua` that checks
`git config credential.helper`. Guard the top of `login()`,
`logout()`, and `submit()` with an early-return error. Add a
healthcheck warning when no helper is configured. Add LuaCATS
annotations to all `git_credential` functions.
Problem: credentials were stored as plaintext JSON in the cache
file, with no integration with system credential managers.
Solution: add `lua/cp/git_credential.lua` wrapping the
`git credential fill/approve/reject` protocol. Maps each platform
to its host, handles CSES token as a second entry with
`path=api-token`.
