DB: Add credential_bodies Table #3597

@elias-ba

Description
Introduce a new table credential_bodies to support per-environment storage of credentials. Today, secrets live in credentials.body, which prevents clean multi-environment usage. Moving bodies into a dedicated table allows multiple entries per credential, each identified by an environment name like "main", "staging", or "prod".

The table should include the credential reference, the environment name, the encrypted body, optional properties, and timestamps. A uniqueness constraint on (credential_id, name) ensures there’s at most one body per environment. As part of the migration, every existing credential will get a "main" body populated from the current credentials.body.

Since OAuth tokens must also align with environment-specific bodies, extend oauth_tokens with a nullable credential_body_id. During the same migration, link existing tokens to the "main" body. A later cutover (handled in a separate issue) will make this field required and allow dropping credentials.oauth_token_id.

Acceptance Criteria

  • credential_bodies exists with (credential_id, name) unique.
  • All existing credentials have a "main" body backfilled from credentials.body.
  • oauth_tokens.credential_body_id is present and backfilled to the "main" body.
  • No application behavior changes are required by this migration alone (runtime read logic will be handled in the context issue).
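A sketch of the migration and its acceptance checks, added here as an example and not the project's own migration code. It runs on in-memory SQLite for portability; the column names `body`, `properties`, `inserted_at` and `updated_at`, the `NOT NULL` choices and the sample rows are assumptions.

```python
import sqlite3
# Constructed "before" state: only credentials.body, credentials.oauth_token_id
# and oauth_tokens are named in the issue; other columns and rows are assumed.
BEFORE = """
CREATE TABLE oauth_tokens (id INTEGER PRIMARY KEY, body BLOB);
CREATE TABLE credentials (id INTEGER PRIMARY KEY, name TEXT, body BLOB,
  oauth_token_id INTEGER REFERENCES oauth_tokens(id));
INSERT INTO oauth_tokens VALUES (10, x'aa');
INSERT INTO credentials VALUES (1, 'cred-a', x'c1', 10), (2, 'cred-b', x'c2', NULL);
"""
MIGRATION = """
CREATE TABLE credential_bodies (
  id INTEGER PRIMARY KEY,
  credential_id INTEGER NOT NULL REFERENCES credentials(id),
  name TEXT NOT NULL,                 -- environment: 'main', 'staging', 'prod'
  body BLOB NOT NULL,                 -- ciphertext, copied as-is and never decrypted
  properties TEXT,                    -- optional
  inserted_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP,
  updated_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP,
  UNIQUE (credential_id, name)        -- at most one body per environment
);
INSERT INTO credential_bodies (credential_id, name, body)
  SELECT id, 'main', body FROM credentials;
ALTER TABLE oauth_tokens
  ADD COLUMN credential_body_id INTEGER REFERENCES credential_bodies(id);
UPDATE oauth_tokens SET credential_body_id = (
  SELECT cb.id FROM credentials c JOIN credential_bodies cb
    ON cb.credential_id = c.id AND cb.name = 'main'
  WHERE c.oauth_token_id = oauth_tokens.id);
"""
NEW_BODY = "INSERT INTO credential_bodies (credential_id, name, body) VALUES (1, ?, x'c3')"

def migrate_and_check():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(BEFORE + MIGRATION)
    one = lambda sql: db.execute(sql).fetchone()[0]
    report = {  # both counts must be 0 for the backfill criteria to hold
        "missing_main": one("SELECT count(*) FROM credentials c WHERE NOT EXISTS ("
            "SELECT 1 FROM credential_bodies cb WHERE cb.credential_id = c.id "
            "AND cb.name = 'main' AND cb.body = c.body)"),
        "unlinked_tokens": one("SELECT count(*) FROM oauth_tokens t JOIN credentials c "
            "ON c.oauth_token_id = t.id WHERE t.credential_body_id IS NULL")}
    db.execute(NEW_BODY, ("staging",))      # a second environment is accepted
    try:
        db.execute(NEW_BODY, ("main",))     # a second 'main' body must be refused
        report["duplicate_rejected"] = False
    except sqlite3.IntegrityError:
        report["duplicate_rejected"] = True
    report["bodies_for_1"] = one("SELECT count(*) FROM credential_bodies WHERE credential_id = 1")
    return report
```

Because the backfill copies ciphertext byte for byte, the `missing_main` check can compare `credential_bodies.body` against `credentials.body` directly without access to the encryption key.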

Status

Done