Add AppCheck limited-use token bindings

[AdamEssenmacher]

Summary

• Adds the missing AppCheck limited-use token selector limitedUseTokenWithCompletion:.
• Adds the optional provider selector getLimitedUseTokenWithCompletion: to the AppCheck provider model and exposes it on AppCheckDebugProvider, which does not inherit the model surface directly.
• Adds the targeted local E2E runtime drift case appcheck-limited-use-tokens.

Notes

This keeps the binding thin: no task wrapper or convenience helper is added. The E2E case treats native App Check configuration/platform errors as acceptable after the selector crosses the native boundary, and still fails on binding-layer issues such as missing managed API, unrecognized selector, bad marshaling, or ObjCRuntime.ObjCException.

Out of scope for this slice: unrelated AppCheck provider APIs, audit tooling, Firestore cache settings, and broader backlog cleanup.

Validation

• dotnet tool run dotnet-cake -- --target=nuget --names="Firebase.AppCheck"
• tools/e2e/run-firebase-foundation.sh --package-dir output --configuration Debug --runtime-drift-case appcheck-limited-use-tokens
• tools/e2e/run-firebase-foundation.sh --package-dir output --configuration Debug
• git diff --check

Targeted E2E result: RuntimeDrift:appcheck-limited-use-tokens passed. The native selector limitedUseTokenWithCompletion: invoked its callback and returned a native App Check platform/OS error on simulator rather than a binding-layer exception.

[AdamEssenmacher]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Chef's kiss.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[Kapusch]

Interesting, I didn't know about the limited token, so just for info on to what this binding just added:

The limitedUseToken is for securing requests to your custom backend services , offering replay protection. Standard App Check tokens, however, are automatically used by Firebase to secure calls to Firebase services directly. You explicitly request the limitedUseToken when needed for your own server, whereas standard tokens are typically managed behind the scenes by the Firebase SDK for Firebase APIs.

Thanks!