Add unit tests for resolveApiKeyFromAuthProfile covering the four
resolution branches: api_key profile returns the plaintext key,
oauth/token-only providers return undefined, providers with no profile
return undefined, and keyRef-only (no plaintext) profiles are skipped.
Also covers the older-host case where the provider-auth SDK subpath is
unavailable.
To keep the test self-contained (no real OpenClaw install or on-disk
auth-profile store), resolveApiKeyFromAuthProfile gains an optional
fourth parameter to inject a fake provider-auth SDK loader. Production
callers pass three arguments and keep loading the real SDK via require.
Signed-off-by: MicroGrey <changyuhang@outlook.com>