fix(security): replace openRouterImageApiKey with boolean flag in webview state

[0xMink]

Closes #11399

Summary

• getStateToPostToWebview() no longer includes the raw openRouterImageApiKey string. The webview receives only hasOpenRouterImageApiKey: boolean.
• Internal getState() retains the raw key for extension-host consumers (GenerateImageTool).
• Settings UI input is now write-only: no value binding, conditional placeholder ("Key configured" vs "Enter your key").
• Tri-state pendingImageApiKey (null = unchanged, "" = clear, "abc" = set) prevents truthiness bugs when clearing the key.
• Added regression test asserting a sentinel key value never appears in serialized webview state.

Test plan

• Existing: ClineProvider.spec.ts — 92 passed, 6 skipped
• Existing: ImageGenerationSettings.spec.tsx — 6 passed
• Existing: ExtensionStateContext.spec.tsx — 15 passed
• Existing: SettingsView.change-detection.spec.tsx — 2 passed, 2 skipped
• Existing: SettingsView.unsaved-changes.spec.tsx — 1 passed, 3 skipped
• New: regression test verifying sentinel key does not leak through getStateToPostToWebview()
• Total: 116 passed, 14 skipped across 5 test files

[roomote]

Rooviewer   See task

All previously flagged issues have been addressed. No new issues found.

• pendingImageApiKey is not reset when cachedState is reset (profile switch / settings import), which can cause a stale key to be saved unintentionally

Previous reviews

• a1756be: Review #1

_{Mention @roomote in a comment to request specific changes to this pull request or fix all unresolved issues.}

[roomote]

pendingImageApiKey is not reset when cachedState is reset elsewhere in this component. The useEffect hooks on lines 226 and 234 reset cachedState and clear changeDetected when the API config profile changes or settings are imported, but they don't call setPendingImageApiKey(null). If a user types an API key, then switches profiles (triggering the reset), and later saves another unrelated change, the stale pendingImageApiKey will be sent in the updateSettings payload, writing an unintended key.

Suggested change

	const [pendingImageApiKey, setPendingImageApiKey] = useState<string | null>(null)
	const [pendingImageApiKey, setPendingImageApiKey] = useState<string | null>(null)

The fix itself is straightforward: add setPendingImageApiKey(null) alongside setChangeDetected(false) in both useEffect blocks (lines ~228 and ~235). I didn't include a multi-line suggestion since the affected lines are spread across non-contiguous blocks.

_{Fix it with Roo Code or mention @roomote and request a fix.}