#22529: fix: strip newlines from pasted setup-tokens

## Summary - `claude setup-token` outputs tokens that may wrap across terminal lines - When pasted into the onboard wizard or `models auth` commands, embedded newlines silently truncate the token value, causing persistent 401 authentication failures - Added `normalizeSetupToken()` that strips all whitespace (including `\n`, `\r\n`) before validation and storage - Applied normalization in all three token-paste paths: onboard wizard, `models auth setup-token`, and `models auth paste-token` ## Root Cause Long OAuth tokens (`sk-ant-oat01-*`) exceed typical terminal line width. When a user pastes a token that wraps across lines, the `@clack/prompts` text input captures only the first line, silently truncating the token. The truncated token passes prefix validation but fails API authentication with a 401. ## Related Issues This fix addresses or partially addresses the following open issues: - Fixes #8733 — **Claude token paste incomplete** (exact same root cause: newline in pasted token truncates the value) - Fixes #9141 — **Configure wizard fails to save Anthropic setup token** (token truncation during onboard wizard) - Related to #9938 — **Anthropic OAuth tokens stopped working** (many 401 reports likely caused by truncated tokens) - Related to #6732 — **Anthropic token authentication misverification** (token validation issues) - Related to #17274 — **Anthropic OAuth not saving refresh token** (auth profile appears saved but token is incomplete) - Related to #19938 — **Setup-token auth broken after update** (401 errors with setup-token auth) ## Changes | File | Change | |------|--------| | `src/commands/auth-token.ts` | Added `normalizeSetupToken()` — strips all whitespace; `validateAnthropicSetupToken()` now normalizes before validating | | `src/commands/auth-choice.apply.anthropic.ts` | Use `normalizeSetupToken()` instead of `.trim()` when storing token | | `src/commands/models/auth.ts` | Same fix in `modelsAuthSetupTokenCommand` and `modelsAuthPasteTokenCommand` | | `src/commands/auth-token.test.ts` | 11 unit tests covering newline stripping, CR+LF, whitespace trim, passthrough, empty input, and full validation flow | ## Test plan - [x] 11 unit tests pass (`vitest run src/commands/auth-token.test.ts`) - [x] `pnpm check` passes (format, types, lint — zero warnings) - [x] `pnpm build` succeeds - [x] Manual: paste a token with embedded newline during `openclaw models auth setup-token` — token stored correctly with full value - [x] Manual: verified stored token in `auth-profiles.json` contains no newline and matches expected full token