fix(antigravity-auth): address Oracle feedback - custom credentials, logging, docs

- Fix custom credentials to actually work in OAuth/refresh flows
  - oauth.ts: Add clientId/clientSecret parameters to buildAuthURL(), exchangeCode()
  - token.ts: Add clientId/clientSecret parameters to refreshAccessToken()
  - fetch.ts: Pass credentials to oauth/token functions
  - plugin.ts: Use closure cache for credentials, pass to all flows

- Unify console.* logging policy with ANTIGRAVITY_DEBUG guards
  - constants.ts: Document logging policy
  - tools.ts: Guard console.warn with ANTIGRAVITY_DEBUG
  - plugin.ts: Guard 4 console.error with ANTIGRAVITY_DEBUG

- Add explicit init.body type handling
  - fetch.ts: Check body type, pass-through non-string bodies
  - fetch.ts: Document body type assumption

- Document SSE buffering behavior
  - response.ts: Add warning that current implementation buffers
  - response.ts: Add TODO for future ReadableStream enhancement

🤖 GENERATED WITH ASSISTANCE OF [OhMyOpenCode](https://github.com/code-yeongyu/oh-my-opencode)

src/auth/antigravity/constants.ts

@@ -1,6 +1,20 @@
 /**
  * Antigravity OAuth configuration constants.
  * Values sourced from cliproxyapi/sdk/auth/antigravity.go
+ *
+ * ## Logging Policy
+ *
+ * All console logging in antigravity modules follows a consistent policy:
+ *
+ * - **Debug logs**: Guard with `if (process.env.ANTIGRAVITY_DEBUG === "1")`
+ *   - Includes: info messages, warnings, non-fatal errors
+ *   - Enable debugging: `ANTIGRAVITY_DEBUG=1 opencode`
+ *
+ * - **Fatal errors**: None currently. All errors are handled by returning
+ *   appropriate error responses to OpenCode's auth system.
+ *
+ * This policy ensures production silence while enabling verbose debugging
+ * when needed for troubleshooting OAuth flows.
  */
 
 // OAuth 2.0 Client Credentials