Enhancement: configure run-request command to support JWT authorization

[carloseberhardt]

Today the run request command uses the logged in user's admin key so that debug information is easily captured. However, this means that we cannot test JWT authorization with graphql requests. To remedy this we need to modify the run request command:

1. change the run request command to to support a bearer authorization header
2. we still need to pass in the admin key in order to enable the debug information: StepZen-Debug-Authorization with the apikey value

[carloseberhardt]

Technical Plan: Support JWT Authorization in run-request Command

Background:
Currently, the run-request command always uses the admin API key for authentication, which enables debug information but prevents testing of JWT-based authorization flows. The goal is to allow users to test requests with a Bearer JWT, while still passing the admin key in a debug header.

---

1. User Experience

• Prompt for Authorization Type:

  • When running a request, prompt the user to choose between:
    • Default (admin key, current behavior)
    • Bearer Token (JWT)
  • If Bearer Token is selected, prompt the user to enter/paste their JWT.

• Persist Last Choice (Optional):

  • Optionally, remember the last used auth type for convenience.

2. Request Construction

• Headers:

  • If Bearer Token is selected:
    • Set Authorization: Bearer <user-supplied JWT>
    • Set StepZen-Debug-Authorization: apikey <admin key>
  • If Default is selected:
    • Set Authorization: Apikey <admin key> (current behavior)

• Debug Information:

  • Always include the StepZen-Debug-Authorization header with the admin key when a JWT is used, to preserve debug info.

3. Implementation Steps

1. Update the run-request Command:

   • Add logic to prompt for auth type and JWT if needed.
   • Pass the selected auth type and token to the request execution logic.

2. Update RequestService and CLI Service:

   • Allow custom headers to be injected into requests.
   • Ensure both HTTP and CLI-based requests support the new header logic.

3. UI/UX:

   • Ensure prompts are clear and user-friendly.
   • Optionally, add a command palette entry for “Run GraphQL Request with JWT”.

4. Testing:

   • Test both admin key and JWT flows.
   • Verify debug information is still available when using JWT.

5. Documentation:

   • Update README and in-extension help to describe the new JWT support.

---

Summary:
This plan enables users to test JWT-protected endpoints directly from VSCode, while still capturing debug information via the admin key. It does not introduce support for multiple API keys, keeping the solution focused and user-friendly.