
feat(rig-core): respect custom Authorization headers set via http_headers() #1553

Merged
joshua-mo-143 merged 2 commits into 0xPlaygrounds:main from shlaikov:feat/respect-custom-auth-headers
Mar 29, 2026

@shlaikov shlaikov commented Mar 24, 2026

Summary

ClientBuilder::build() currently unconditionally overwrites the Authorization header with the provider's default auth scheme (e.g. Bearer). This makes it impossible to use OpenAI-compatible providers that require a different auth scheme via http_headers().

This PR adds a single contains_key check so that headers set manually via http_headers() take precedence over auto-generated ones.

Motivation

Yandex Cloud Foundation Models exposes an OpenAI-compatible API at https://llm.api.cloud.yandex.net/v1/chat/completions, but requires Authorization: Api-Key <key> instead of Bearer.

Currently the only workaround is to bypass rig entirely and use raw reqwest, or to add reqwest-middleware that rewrites the header after rig sets it — both defeat the purpose of using the library.

Change

  // rig-core/src/client/mod.rs, ClientBuilder::build()
- if let Some((k, v)) = api_key.into_header().transpose()? {
-    headers.insert(k, v);
- }
+ if let Some((k, v)) = api_key.into_header().transpose()?
+    && !headers.contains_key(&k)
+ {
+    headers.insert(k, v);
+ }
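
Review bot: when `headers.contains_key(&k)` is true, the value derived from `api_key` is dropped with no signal, so a stale or mistyped Authorization entry passed through http_headers() silently replaces the configured key. Consider documenting this precedence on http_headers(), emitting a debug-level log of the header name only (never the value) when the default is skipped, and adding a test that covers both branches. The `if let … && …` condition is a let chain, which needs Rust 1.88+ on edition 2024, so it is worth confirming against the crate's MSRV.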

Usage after this change

let mut headers = reqwest::header::HeaderMap::new();
headers.insert(
    reqwest::header::AUTHORIZATION,
    "Api-Key my-yandex-api-key".parse().unwrap(),
);
headers.insert(
    reqwest::header::HeaderName::from_static("x-folder-id"),
    "my-folder-id".parse().unwrap(),
);

let client = openai::CompletionsClient::builder()
    .api_key("unused-but-required")
    .base_url("https://llm.api.cloud.yandex.net/v1")
    .http_headers(headers)
    .build()?;

let agent = client.agent("gpt://folder-id/yandexgpt/latest")
    .temperature(0.5)
    .build();
let response = agent.prompt("Hello!").await?;

Backwards compatibility

Fully backwards-compatible. The auto-generated header is only skipped when the user has explicitly set the same header key via http_headers(). If http_headers() is not used (the common case), behavior is identical to before.
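
The precedence rule described in this PR, modelled as an added stand-alone sketch (not rig's code and not part of the PR). `Headers`, `AuthSource`, `apply_default_auth` and `auth_scheme` are hypothetical names, and the std map is a stand-in for `reqwest::header::HeaderMap`; the sketch also reports which side supplied the credential and extracts only the scheme, so an override can be logged without the secret.

```rust
use std::collections::BTreeMap;

/// Which side supplied the auth header that will be sent.
#[derive(Debug, PartialEq)]
pub enum AuthSource {
    ProviderDefault,
    CallerOverride,
}

/// Hypothetical stand-in for a header map: names are stored lowercased,
/// because HTTP header names are case-insensitive.
#[derive(Default)]
pub struct Headers(BTreeMap<String, String>);

impl Headers {
    pub fn insert(&mut self, name: &str, value: &str) {
        self.0.insert(name.to_ascii_lowercase(), value.to_string());
    }
    pub fn get(&self, name: &str) -> Option<&str> {
        self.0.get(&name.to_ascii_lowercase()).map(String::as_str)
    }
}

/// Insert the provider's default auth header only when the caller has not
/// already set a header with the same name, and report which one won.
pub fn apply_default_auth(headers: &mut Headers, name: &str, value: &str) -> AuthSource {
    if headers.get(name).is_some() {
        AuthSource::CallerOverride
    } else {
        headers.insert(name, value);
        AuthSource::ProviderDefault
    }
}

/// Scheme token only (the text before the first space), safe to log.
pub fn auth_scheme(value: &str) -> &str {
    value.split_once(' ').map_or("<no scheme>", |(scheme, _)| scheme)
}

fn main() {
    // Constructed sample values; no real credentials.
    let mut headers = Headers::default();
    headers.insert("Authorization", "Api-Key constructed-sample-key");
    let source = apply_default_auth(&mut headers, "authorization", "Bearer unused-but-required");
    let sent = headers.get("authorization").unwrap();
    println!("auth source: {:?}, scheme: {}", source, auth_scheme(sent));
}
```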

…ders()

Skip auto-generated auth header insertion when the user has already
set the same header manually via `http_headers()`. This allows using
OpenAI-compatible providers that require a different auth scheme
(e.g. `Api-Key` for Yandex Cloud instead of `Bearer`).

Existing behavior is fully preserved — the auto-generated header is
only skipped when a manual override is already present.
…ders()

Refactor API key header insertion logic
@joshua-mo-143 joshua-mo-143 added this pull request to the merge queue Mar 29, 2026
Merged via the queue into 0xPlaygrounds:main with commit 0b2cc08 Mar 29, 2026
6 checks passed
@github-actions github-actions Bot mentioned this pull request Mar 29, 2026
@shlaikov shlaikov deleted the feat/respect-custom-auth-headers branch March 31, 2026 07:25