set_stored_key(
provider: str,
key: str,
) -> WriteOutcomePersist an API key for provider.
Empty / whitespace-only keys are rejected so callers don't accidentally
write a sentinel that masks a working environment variable (see
apply_stored_credentials in model_config — a stored empty would
unconditionally overwrite the env var).