Credential lifecycle

Manage API keys, ownership metadata, scopes, and rotation windows for the control plane.