[NOT READY] Add OAuth support to remaining 6 commands

[srosenthal-dd]

Summary

• Add OAuth bearer token support to the 6 remaining command files that only supported API+App key auth: authn_mappings, data_deletion, datasets, logs_restriction, obs_pipelines, and workflows
• Apply the same make_bearer_client pattern used everywhere else in the codebase, so these commands use OAuth when the user authenticates via pup auth login
• Remove stale comments about "API key auth only" / "no OAuth support"
• Follows up on PR Support OAuth auth for cost and cloud cost management commands #341 which fixed this for cost.rs

Note: some of these API endpoints do not yet support ValidOAuthAccessToken on the server side. The client-side change is still correct -- pup should always prefer OAuth and fall back to API key auth. As the server-side routes are updated to accept OAuth, these commands will automatically work without further client changes.

Test plan

• cargo check passes
• cargo test passes (744 tests)
• cargo fmt produces no changes
• datasets: OAuth token sent and accepted by server (auth succeeded), confirming the client-side plumbing works end-to-end
• authn_mappings, data_deletion, logs_restriction, obs_pipelines: OAuth token sent correctly (confirmed via server logs), but these routes don't yet accept ValidOAuthAccessToken server-side -- will need server-side route updates
• workflows: has a client-side check that blocks OAuth -- will need a separate change to remove that restriction
• Fallback path: all commands continue to work with API key auth when no OAuth token is present

🤖 Generated with Claude Code