
BUG test JWTs in test_manual_copilot_authenticator use 6-byte HMAC key, emitting 12 InsecureKeyLengthWarning per suite run #1803

@immu4989

Description


What happens

Running the unit suite emits 12 InsecureKeyLengthWarning warnings per run, all originating from tests/unit/auth/test_manual_copilot_authenticator.py:

.venv/lib/python3.12/site-packages/jwt/api_jwt.py:147: InsecureKeyLengthWarning:
The HMAC key is 6 bytes long, which is below the minimum recommended length of
32 bytes for SHA256. See RFC 7518 Section 3.2.
  return self._jws.encode(...)

Root cause

tests/unit/auth/test_manual_copilot_authenticator.py:15 signs test JWTs with a 6-byte key:

import jwt as pyjwt  # PyJWT, imported under the alias the helper uses

def _make_jwt(claims: dict) -> str:
    """Create an unsigned JWT with the given claims for testing."""
    # "secret" is 6 bytes; HS256 calls for at least 32 (RFC 7518 §3.2), hence the warning.
    return pyjwt.encode(claims, key="secret", algorithm="HS256")

PyJWT (as of recent versions) emits InsecureKeyLengthWarning when an HMAC-SHA256 key is shorter than 32 bytes per RFC 7518 §3.2. Since _make_jwt is called once per test, the suite produces ~12 of these per run.

No production / security impact

ManualCopilotAuthenticator decodes tokens with verify_signature=False (pyrit/auth/copilot_authenticator.py:259), and production tokens come from Entra ID using RS256. The test key value is purely formal — any well-formed key works.

Proposed fix

Use a module-level 32-byte test constant. One-line change plus a brief comment explaining why. PR to follow.
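As an added example (not PyRIT's or PyJWT's code), here is a stdlib-only model of the key-length check behind the warning together with the proposed fix; the names hs_encode, check_hmac_key_length, TEST_HS256_KEY, decode_unverified and warnings_emitted_by are assumed, the key constant is constructed, and the HS384/HS512 minimums generalise the RFC 7518 §3.2 rule beyond the HS256 case in the issue.

```python
import base64
import hashlib
import hmac
import json
import warnings

# RFC 7518 §3.2: an HMAC key should be at least as long as the hash output.
_HMAC_ALGS = {"HS256": (32, hashlib.sha256), "HS384": (48, hashlib.sha384), "HS512": (64, hashlib.sha512)}

# Constructed 32-byte module-level test constant (the issue's proposed fix); its value is purely formal.
TEST_HS256_KEY = b"pyrit-unit-test-hs256-key-32byte"

class InsecureKeyLengthWarning(UserWarning):
    """Local stand-in named after PyJWT's warning class, so the warning in the issue can be modelled."""

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def check_hmac_key_length(key: bytes, algorithm: str) -> bool:
    """Return True when key meets the RFC 7518 minimum for algorithm; warn, as PyJWT does, when it does not."""
    minimum, _ = _HMAC_ALGS[algorithm]
    if len(key) < minimum:
        warnings.warn(f"The HMAC key is {len(key)} bytes long, below the {minimum}-byte minimum for {algorithm}.",
                      InsecureKeyLengthWarning, stacklevel=2)
    return len(key) >= minimum

def hs_encode(claims: dict, key: bytes, algorithm: str = "HS256") -> str:
    """Minimal JWS compact serialisation with an HMAC signature (stdlib only, not PyJWT)."""
    check_hmac_key_length(key, algorithm)
    header = _b64url(json.dumps({"alg": algorithm, "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signature = hmac.new(key, f"{header}.{payload}".encode("ascii"), _HMAC_ALGS[algorithm][1]).digest()
    return f"{header}.{payload}.{_b64url(signature)}"

def _make_jwt(claims: dict) -> str:
    """The test helper as the issue proposes it: signed with the 32-byte module-level key, so no warning."""
    return hs_encode(claims, TEST_HS256_KEY, "HS256")

def decode_unverified(token: str) -> dict:
    """Read the claims without checking the signature, as the authenticator's verify_signature=False does."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def warnings_emitted_by(key: bytes, algorithm: str = "HS256") -> int:
    """Count InsecureKeyLengthWarning emissions for one encode call (what one test in the suite produces)."""
    with warnings.catch_warnings(record=True) as caught:
        warnings.simplefilter("always")
        hs_encode({"sub": "test"}, key, algorithm)
    return sum(issubclass(w.category, InsecureKeyLengthWarning) for w in caught)
```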
