- Update package-level documentation to reflect credential persistence
as a first-class concept
- Replace token_path-based examples with CredentialStore usage
- Add credentials module to documented public API surface
- Clarify auth vs credential persistence responsibilities
- Align design guarantees with distributed-safe authentication model
- Make MailIntakeAuthProvider generic over credential type to enforce
typed auth contracts between providers and adapters
- Refactor Google OAuth provider to use CredentialStore abstraction
instead of filesystem-based pickle persistence
- Remove node-local state assumptions from Google auth implementation
- Clarify documentation to distinguish credential lifecycle from
credential persistence responsibilities
This change enables distributed-safe authentication providers and
allows multiple credential persistence strategies without modifying
auth logic.
