Document remoting authentication improvements and API key support

[michaellwest]

Scope

Update remoting.md to cover:

• Auth failures now return 401 instead of 500
• HS512 JWT support
• iat/nbf claim validation
• Configurable token lifetime
• New API key authentication with guidance to prefer API keys over SharedSecret

Update security/web-services.md if applicable. Mark as "Updated in SPE 9.0".

References

• SharedSecretAuthenticationProvider returns 500 instead of 401 for auth failures Console#1421
• Enhance JWT authentication for MCP server compatibility Console#1420
• Remoting Policies — item-based CLM, command allowlists, and approved scripts for SPE remoting Console#1426

Files

• remoting.md
• security/web-services.md