## Why

Planka now supports user-level API key authentication. The current pcli authentication uses session-based JWT tokens (via `Authorization: Bearer <token>`) with an optional OIDC httpOnlyToken cookie path. API keys are simpler, long-lived, and eliminate the need for multiple auth modes. Replacing the current auth with API key auth simplifies both the codebase and the user experience.

## What Changes

- **BREAKING**: Replace `Authorization: Bearer <token>` header with `x-api-key: <key>` header on all API requests
- **BREAKING**: Rename environment variable `PLANKA_TOKEN` → `PLANKA_API_KEY`
- **BREAKING**: Rename CLI flag `--token` → `--api-key`
- Remove `PLANKA_HTTP_TOKEN` environment variable support
- Remove `--http-token` CLI flag
- Remove `HttpOnlyToken` field from the `Client` struct and all OIDC cookie logic
- Simplify `NewClient` constructor to accept only base URL, API key, and logger

## Capabilities

### New Capabilities

(none)

### Modified Capabilities

- `api-client`: Authentication header changes from `Authorization: Bearer` to `x-api-key`. Client struct drops `HttpOnlyToken` field. `NewClient` signature simplifies. OIDC cookie logic removed.
- `cli-commands`: Root command global flags change: `--token` → `--api-key`, `--http-token` removed. Environment variable changes: `PLANKA_TOKEN` → `PLANKA_API_KEY`, `PLANKA_HTTP_TOKEN` removed.

## Impact

- **Code**: `client/client.go` (struct, constructor, `Do()` method), `cmd/root.go` (flags, env vars, client init)
- **Users**: All existing users must update their environment variables and any scripts from `PLANKA_TOKEN` to `PLANKA_API_KEY` and generate an API key in Planka
- **Dependencies**: No dependency changes
- **API**: No Planka API endpoint changes — only the authentication mechanism used by pcli changes