fix(settings): reliable key validation + deepseek/nvidia probes

[cmullins70]

Summary

The "Check keys" button in Settings was unreliable for Anthropic and silent for DeepSeek/NVIDIA. This PR fixes both.

What was wrong

Anthropic probe (backend/main.py:1200-1214 on main) was sending a real POST /v1/messages inference call with:

• a hardcoded model claude-haiku-4-5-20251001 (returns 404 for keys whose tier doesn't include that exact model → mapped to unreachable),
• a 1-token request body (costs tokens just to validate a key),
• a 5s total timeout (TLS cold-start on slow networks pushes past this → unreachable).

For a freshly-created key with $0 credit balance, the result was a "broken" badge on a perfectly valid key.

DeepSeek and NVIDIA are first-class providers in the Settings UI (src/settings/shared.tsx:40-47), but the validator's probe-set was hardcoded as {anthropic, openai, groq}. Users with valid keys saw a permanent neutral "unchecked" badge with no signal whether their key worked.

What changed

• All providers now probe GET /v1/models — free, fast, no model-tier dependency. Anthropic uses x-api-key + anthropic-version: 2023-06-01; OpenAI/Groq/DeepSeek/NVIDIA use Bearer auth. Endpoint shape verified against the official Anthropic SDK.
• Timeout bumped to 10s total / 5s connect (covers first-request TLS handshake).
• 403 now maps to invalid_key alongside 401 (revoked/restricted keys are auth failures, not network issues).
• Added probes for DeepSeek (api.deepseek.com/v1/models) and NVIDIA (integrate.api.nvidia.com/v1/models).
• Probe-set centralised in a probeable set so _probe_provider_key and validate_settings can't drift.

Tests

New TestProviderKeyProbe class in backend/tests/test_api.py (8 cases, mocks httpx.AsyncClient):

• Per-provider: correct URL + correct auth header shape (x-api-key vs Authorization: Bearer).
• 401 and 403 → invalid_key.
• 5xx → unreachable.
• Explicit assertion that the probe never POSTs — locks in the original bug.

uv run python -m pytest tests/ → 109 passed, no regressions.

Verification

Manually verified in the desktop app via npm run tauri dev against live keys for OpenAI, Anthropic, DeepSeek, and Groq. All four now go green on first click.

Checklist

• Ran pytest backend/tests/ — 109 passed.
• Added tests for the behavior change.
• Kept the PR focused (single logical change: key-validation probe).
• No local app data, secrets, or credentials in the diff.
• No experimental/auto-apply changes.
• User impact described above.

[vercel]

@cmullins70 is attempting to deploy a commit to the Vasu-Devs' projects Team on Vercel.

A member of the Team first needs to authorize it.