#3521: fix(gemini-auth): handle mise shims and nested node_modules paths

## Context When running Moltbot in an environment where `gemini-cli` is installed via version managers like `mise` (formerly rtx), the OAuth credential extraction fails. The issue is twofold: 1. `gemini` in the PATH is often a shim (e.g., `/usr/bin/mise`), so `realpath` doesn't point to the actual node package. 2. The directory structure for global packages in these managers often nests them deeper (e.g., `.../lib/node_modules/@google/gemini-cli/...`) than the previous code expected. ## Changes - **Shim Resolution**: Added `resolveGeminiBinaryPath()` which detects if the binary is a `mise` shim and uses `mise which gemini` to resolve the true path. - **Expanded Search Paths**: Added the standard `lib/node_modules/...` structure to the search list. - **NPM Fallback**: Added a fallback to `npm root -g` to find the global installation directory if relative path traversal fails. ## Compromises - Uses `execSync` to call `mise` or `npm` as fallbacks. This introduces a slight runtime overhead during auth but ensures correctness across different environment setups. - Hardcodes the `lib/node_modules` structure, which is common but technically implementation-detail dependent for version managers. <!-- greptile_comment --> <h2>Greptile Overview</h2> <h3>Greptile Summary</h3> This PR improves Gemini CLI OAuth credential extraction by resolving version-manager shims (notably `mise`) to the real `gemini` binary and expanding the set of candidate paths where `oauth2.js` may live (including nested `lib/node_modules/...` layouts). It also adds a fallback that shells out to `npm root -g` to locate globally-installed packages when relative traversal fails. The change is localized to `extensions/google-gemini-cli-auth/oauth.ts` and only affects how the extension discovers the bundled `oauth2.js` from an installed `@google/gemini-cli` / `@google/gemini-cli-core` package before running the existing OAuth flow. <h3>Confidence Score: 4/5</h3> - This PR is likely safe to merge, with one correctness edge case around shim resolution that can prematurely disable the new fallbacks. - Changes are small and localized, and the new search paths/fallbacks are reasonable for supporting version-manager layouts. The main concern is an unhandled `realpathSync` throw in `resolveGeminiBinaryPath`, which can negate the intended shim/fallback behavior in some real-world environments; otherwise risk is low. - extensions/google-gemini-cli-auth/oauth.ts <!-- greptile_other_comments_section --> <!-- /greptile_comment -->