fix(sync): auth and health UX improvements

Problem: Failed token exchange left credential files on disk, trapping
users in a broken auth loop with no way back to setup. The `auth`
prompt used raw backend names and a terse prompt string. The `health`
action appeared in `:Pending gcal health` tab completion but silently
no-oped outside `:checkhealth`. gcal health omitted the token check
that gtasks had.

Solution: `_exchange_code` now calls `_wipe()` on both failure paths,
clearing the token and credentials files so the next `:Pending auth`
routes back through `setup()`. Prompt uses full service names and
"Authenticate with:". `health` is filtered from sync subcommand
completion and dispatch — its home is `:checkhealth pending`. gcal
health now checks for tokens.

lua/pending/sync/oauth.lua

@@ -470,12 +470,14 @@ function OAuthClient:_exchange_code(creds, code, code_verifier, port, on_complet
   }, { text = true })
 
   if result.code ~= 0 then
+    self:_wipe()
     log.error('Token exchange failed.')
     return
   end
 
   local ok, decoded = pcall(vim.json.decode, result.stdout or '')
   if not ok or not decoded.access_token then
+    self:_wipe()
     log.error('Invalid token response.')
     return
   end
@@ -488,6 +490,12 @@ function OAuthClient:_exchange_code(creds, code, code_verifier, port, on_complet
   end
 end
 
+---@return nil
+function OAuthClient:_wipe()
+  os.remove(self:token_path())
+  os.remove(vim.fn.stdpath('data') .. '/pending/google_credentials.json')
+end
+
 ---@param opts { name: string, scope: string, port: integer, config_key: string }
 ---@return pending.OAuthClient
 function M.new(opts)