(feature): Add OAuth YAML and validator

[amckinney]

This builds upon the changes introduced in #3373, but refactors the YAML schema and introduces the fern check rule to match.

For now, we only support the client-credentials authorization flow, but the schema is written as a union so it is easy to add to as we go (e.g.authorization-code, pkce, etc). A full configuration can be seen below:

name: api
imports: 
  auth: auth.yml

auth: OAuthScheme
auth-schemes:
  OAuthScheme:
    scheme: oauth
    type: client-credentials
    get-token:
      endpoint: auth.getTokenWithClientCredentials # Assumes the auth.yml file defines this endpoint.
      response-properties: 
        access-token: $response.access_token
        expires-in: $response.expires_in
    refresh-token:
      endpoint: auth.refreshToken                  # Assumes the auth.yml file defines this endpoint.
      request-properties:
        refresh-token: $request.refresh_token
      response-properties:
        access-token: $response.access_token
        expires-in: $response.expires_in
        refresh-token: $response.refresh_token

For consistency with the rest of the Fern definition, the keys are written in kebab-case. Several of the OAuth values can eventually be set with default values (e.g. access-token defaults to $response.access_token), but the full configuration is required to start.

We will follow-up with the IR changes in a separate PR, but a lot of the logic introduced here can be shared there (e.g. the EndpointResolver).