feat(headless-login): add jwks cache visibility and refresh flow

- replace inline headless jwks support with jwksUri-only validation
- add cached jwks refresh worker, manual refresh/revoke endpoints, and parsed key summaries
- expose allowed algorithms and key previews in DevFront with regression coverage

devfront/src/locales/template.toml

@@ -402,11 +402,19 @@ guide_step_1 = ""
 guide_step_2 = ""
 guide_step_3 = ""
 headless_help = ""
-jwks_inline_help = ""
 jwks_uri_help = ""
 request_object_alg_help = ""
-source_help = ""
+allowed_algorithms_help = ""
 subtitle = ""
+cache_empty = ""
+cache_help = ""
+cache_parsed_keys_help = ""
+cache_parsed_keys_empty = ""
+cache_refresh_failed = ""
+cache_refreshed = ""
+cache_revoke_confirm = ""
+cache_revoke_failed = ""
+cache_revoked = ""
 
 [msg.dev.clients.general.public_key.validation]
 headless_requires_alg = ""
@@ -1406,16 +1414,25 @@ guide_toggle = ""
 headless_disabled = ""
 headless_enabled = ""
 headless_toggle = ""
-jwks_inline = ""
-jwks_inline_placeholder = ""
 jwks_uri = ""
 jwks_uri_placeholder = ""
 request_object_alg = ""
 request_object_alg_placeholder = ""
-source = ""
-source_uri = ""
+allowed_algorithms = ""
 title = ""
 validation_title = ""
+cache_error = ""
+cache_cached_at = ""
+cache_expires_at = ""
+cache_failures = ""
+cache_kids = ""
+cache_last_checked_at = ""
+cache_last_success = ""
+cache_parsed_keys = ""
+cache_parsed_key_n = ""
+cache_status = ""
+cache_uri = ""
+revoke_cache = ""
 
 [ui.dev.clients.help]
 docs_body = ""