feat(devtools): add agnostic OIDC network intelligence layer

Decouple the extension from SDK-specific bridges into a network-first
OIDC/OAuth2 debugger that works standalone with any OIDC provider.

Network intelligence:
- Well-known discovery (parses .well-known/openid-configuration)
- OIDC semantic annotation (authorize, token, userinfo, etc.)
- DPoP proof detection (RFC 9449)
- PAR flow detection (RFC 9126)
- OIDC flow tracker (cross-event correlation)
- Shared JWT utils extracted from diagnosis engine

Diagnosis engine:
- 15 new rules across oidc-flow, dpop, and par categories
- Flow-level PKCE check (warns once per flow, not per event)
- Static asset filter prevents false positives on JS module loads
- URL patterns anchored to avoid matching filenames

Learn tab:
- Flow-aware layout detection (DaVinci, Journey, OIDC Code/DPoP/PAR)
- Journey-specific cards (Client -> AM Server -> Callbacks -> Result)
- OIDC cards populated from phase-specific network events
- Rail deduplicates network OIDC events by phase

Panel fixes:
- JWT decoding moved to pure Elm (base64url decoder + JSON parser)
- Response bodies captured via entry.getContent() (was missing)
- /access_token endpoint pattern added for PingAM
- Inspector OIDC tab shows phase, PKCE, DPoP, tokens, errors
- Timeline shows OIDC phase badges on network rows
- Toolbar shows connection status (SDK connected / OIDC detected)

Infra:
- Fix typedoc failing on devtools-extension (no public API entry points)
- OidcSemanticsSchema added to devtools-types
- ExtendedFlowState with oidcConfig and lastOidcEventId

Author: ryanbas21

packages/devtools-extension/README.md

@@ -2,7 +2,7 @@
   "manifest_version": 3,
   "name": "Ping DevTools",
   "version": "0.1.0",
-  "description": "Debug ForgeRock AM and PingOne auth flows",
+  "description": "Debug OIDC/OAuth2 auth flows — works standalone or with the Ping SDK",
   "permissions": ["storage", "clipboardWrite", "clipboardRead"],
   "host_permissions": ["<all_urls>"],
   "devtools_page": "devtools.html",