feat: support OAuth token via JSON string flag (-tokenJSON)

[dandaka]

Summary

• Add CacheString type in oauth.go that implements the Cache interface using an in-memory JSON string instead of a file
• Add -tokenJSON flag to pass OAuth token as a JSON string (alternative to -cache file)
• Add -tokenOut flag to control where refreshed tokens are written: stdout, stderr (default), or a file path
• Refreshed tokens are prefixed with REFRESHED_TOKEN= for easy parsing by callers

Motivation

Currently the tool requires a writable file (-cache) to store and refresh OAuth tokens. This forces tokens to live on disk, which is a security concern for CI/CD pipelines, ephemeral environments, and setups using secret managers (Infisical, Vault, etc.).

Usage

# Read token from env, upload, capture refreshed token on stdout
youtubeuploader -tokenJSON "$YOUTUBE_TOKEN" -tokenOut stdout \
  -filename video.mp4 -title "My Video" 2>upload.log

# Default: refreshed token goes to stderr
youtubeuploader -tokenJSON "$YOUTUBE_TOKEN" -filename video.mp4

Breaking changes

None — purely additive. Existing -cache behavior is completely unchanged.

Test plan

• CacheString.Token() parses valid JSON token
• CacheString.Token() returns error on invalid JSON
• CacheString.PutToken() writes to stderr (explicit)
• CacheString.PutToken() writes to stderr (default when output is empty)
• CacheString.PutToken() writes to stdout
• CacheString.PutToken() writes to file
• go build ./... succeeds
• go test ./... passes

🤖 Generated with Claude Code