Add simulation-gateway auth client to API v1

[anth-volk]

Fixes #3496

Summary

Add the missing API v1 caller-side auth for the simulation gateway.

This introduces an Auth0 client-credentials token provider, attaches bearer auth to outbound simulation-gateway requests, validates partial GATEWAY_AUTH_* configuration at startup, and passes the four required env vars through the deploy path so App Engine can mint tokens at runtime.

[codecov]

Codecov Report

❌ Patch coverage is 95.12195% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 78.44%. Comparing base (e62e93a) to head (f6eaad1).
⚠️ Report is 2 commits behind head on master.

Files with missing lines	Patch %	Lines
policyengine_api/libs/gateway_auth.py	94.52%	2 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3497      +/-   ##
==========================================
+ Coverage   77.97%   78.44%   +0.46%     
==========================================
  Files          62       63       +1     
  Lines        3301     3382      +81     
  Branches      596      609      +13     
==========================================
+ Hits         2574     2653      +79     
+ Misses        562      561       -1     
- Partials      165      168       +3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.