get_provider_auth_status

Return credential readiness details for a provider.

Combines config, well-known provider metadata, optional provider auth, and implicit-auth provider metadata before attempting model creation:

1. Config-file providers (config.toml [models.providers.<name>]):
   • If the section declares api_key_env, that env var is checked via resolve_env_var() (which honors DEEPAGENTS_CLI_ prefixes).
   • If the section has class_path but no api_key_env, the provider is assumed to manage its own auth (e.g., custom headers, JWT, mTLS).
   • If neither api_key_env nor class_path is set, falls through to provider-specific defaults.
2. Hardcoded registry (PROVIDER_API_KEY_ENV): a module-level dict mapping well-known provider names to their canonical env var (e.g., "anthropic" → "ANTHROPIC_API_KEY"). The env var is checked via resolve_env_var().
3. Implicit auth providers (e.g., Vertex AI ADC): a missing env var is not treated as missing credentials.
4. Optional auth env vars (OPTIONAL_AUTH_ENV): when present, mark the provider as configured for hosted/cloud use.
5. No-auth-required providers (NO_AUTH_REQUIRED_PROVIDERS): default local endpoints report NOT_REQUIRED; non-local endpoints fall back to UNKNOWN so the SDK can decide.
6. Unknown providers not present in any source defer auth failures to the provider SDK.

Use has_provider_credentials() when compatibility with the historic True/False/None contract is required.