- Add BaseProviderHandler.validate_credentials() with default api_key check
- Implement provider-specific validate_credentials() overrides:
  - Kiro: validates creds_file/sqlite_db/token persistence (file for admin,
    DB path for users)
  - OpenAI/Anthropic/Google: validate api_key presence/format
  - Claude/Codex/Kilo/Qwen: validate OAuth2 or API key
  - Ollama: always valid (no authentication required)
- get_provider_handler() now calls handler.validate_credentials() after
  instantiation, raising ValueError on failure
- Replace all credential validation in main.py API endpoints with
  handler-level checks, removing duplicate logic
- get_provider_models() now uses get_provider_handler() for unified validation
  instead of scattered inline checks
- Remove obsolete validate_kiro_credentials() function from main.py
- All validation respects user vs admin credential storage (DB vs files)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix: use importlib.metadata.version() for version check — avoids import aisbf crash before config is set up

fix: copy config/ files to share dir on bootstrap; preserve existing user-customised configs on re-bootstrap

fix: use importlib.util.find_spec instead of import aisbf to avoid __init__.py crash on missing providers.json

fix: dynamically register all _share/ files in package_data — '**' globs in static list were silently dropped by setuptools

--system-site-packages only includes system-wide packages (/usr/lib/…);
it does NOT include user-installed packages (~/.local/lib/…).
When aisbf is installed with pip --user (or auto-detected user mode with
--break-system-packages), import aisbf fails inside the venv and the server
cannot start.

Add _link_user_site_packages() to aisbf.sh:
- Determines the user site-packages path via python3 -m site --user-site
- Writes a .pth file into the venv's site-packages directory pointing there
- Called on venv creation AND on every subsequent run (refresh after upgrades)

Also sync aisbf/aisbf.sh (the package-bundled bootstrap copy) to match.

pip's data_files extraction is unreliable for user installs with
--break-system-packages: files either land in the wrong prefix or are
silently dropped from the wheel entirely.

Fix: build_py hook in setup.py copies main.py, aisbf.sh, requirements.txt,
templates/, static/, and config/ into aisbf/_share/ at wheel-build time.
These are declared as package_data so pip always installs them to
site-packages/aisbf/_share/ regardless of install mode.

cli.py now:
- Checks all sysconfig-derived paths for a complete share directory
- Falls back to bootstrapping: copies the full aisbf/_share/ bundle to
  ~/.local/share/aisbf/ on first run if data_files were not installed
- Works for both wheel installs (uses _share/) and editable installs
  (uses the project root directly as the bundle source)
- Prints a clear error with checked paths and reinstall instructions if
  bootstrap also fails

aisbf/_share/ is gitignored (generated at build time).