refactor: drop X-TD header prefix

[goncalossilva]

Summary

• Rename CLI request metadata headers to request-id, session-id, and cli-command.
• Update usage tracking tests and codebase docs for the new header contract.

Follow-up to #302.

These headers are newly added and not actively consumed yet, so this is a relatively safe time to rename them.

Reasoning

• On dropping X-, RFC 6648 published in 2012, actively discourages X- prefixes, reverting previous guidance, for reasons explained in the RFC.
• On dropping TD-, it's for a similar reason, this is generic request metadata rather than Todoist-specific fields. That said, this one is more nuanced, and I'm happy to revert this part. More subjective.
• On lowercasing, because header names are already case insensitive, HTTP/2 effectively requires lowercase header names on the wire, and many fetch/headers implementations normalize to lowercase anyway.

[Copilot]

Pull request overview

Refactors the CLI’s outbound request metadata header contract by renaming the previously introduced X-TD-* headers to unprefixed, lowercase equivalents, and updates tests/docs accordingly. This aligns with RFC 6648 guidance against X- prefixed headers and standardizes header casing.

Changes:

• Renamed usage-tracking headers to request-id, session-id, and cli-command.
• Updated usage tracking, OAuth, and legacy auth migration tests to assert the new header names.
• Updated CODEBASE.md documentation to reflect the new header contract.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
src/lib/usage-tracking.ts	Renames the three request metadata headers produced by buildUsageTrackingHeaders().
src/lib/usage-tracking.test.ts	Updates unit/integration-style tests to assert the new header keys in both direct and merged/fetch paths.
src/lib/oauth.test.ts	Updates OAuth exchange test expectations for the renamed headers.
src/lib/migrate-auth.test.ts	Updates legacy auth migration test expectations for the renamed headers.
CODEBASE.md	Updates documentation to describe the new header names.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[doistbot]

This PR cleans up the CLI request metadata by removing the X-TD prefix and switching to lowercase header names to better align with modern HTTP standards. While this nicely modernizes the network layer before the headers are actively consumed, using generic names like request-id risks silent collisions with existing proxy or caller-supplied tracing headers since they are unconditionally overwritten during merge. Additionally, updating the exact header contract in CODEBASE.md introduces unnecessary churn, as that file is intended to serve as a broad structural map rather than a detailed behavior reference.

_{Share Feedback • Review Logs}