`set-key` command fails with "requires an API key" before it can store one

[Sephyi]

Bug Report

CommitBee Version: v0.6.0-rc.1 (development)
LLM Provider: Anthropic (also affects OpenAI)
Model: Any cloud model

What happened?

Running commitbee set-key anthropic fails with a config validation error because it checks for an API key during startup — before the set-key command has a chance to store one.

❯ commitbee set-key anthropic
commitbee::config::error

  × Configuration error: anthropic requires an API key. Set COMMITBEE_API_KEY,
    ANTHROPIC_API_KEY, or store securely with: commitbee config set-key anthropic

The error message tells the user to do the exact thing they're already trying to do.

Expected behavior

commitbee set-key anthropic should prompt for an API key and store it in the system keychain without requiring a key to already be present.

Root cause

Config::load() calls validate() unconditionally for all commands. The API key check in validate() rejects the config before set-key can run. Commands that don't invoke the LLM (set-key, get-key, init, config, completions, hook) should not require a valid API key.

Secondary issue: If the user's config file has provider = "ollama" (default) but they pass --provider anthropic via CLI, the keyring lookup ran before apply_cli(), so it searched the keyring for the wrong provider name.

Steps to reproduce

1. Configure provider = "anthropic" in config (or pass --provider anthropic)
2. Do NOT set COMMITBEE_API_KEY or ANTHROPIC_API_KEY
3. Run: commitbee set-key anthropic
4. See error instead of key prompt

Fix

Two changes in config.rs:

1. Move apply_cli() before API key resolution — ensures --provider flag is applied before keyring/env var lookup uses the provider name
2. Skip API key validation for non-LLM commands — validate() accepts the command and only checks for API key when the command actually needs the LLM (default generate command, doctor)