* fix(premium-fetch): retry with Clerk JWT when tester key returns 401
Widget relay keys (wm-pro-key / wm-widget-key) are valid for the relay
but may not be in WORLDMONITOR_VALID_KEYS. Rather than surfacing a 401,
fall through to Clerk JWT so Pro subscribers get access regardless of
which key set is configured in their localStorage.
Preserves tester-key-first priority: if the key is in WORLDMONITOR_VALID_KEYS
it returns directly without touching Clerk. Only the 401 path retries.
* fix(premium-fetch): narrow try/catch scope + add unit tests for auth matrix
P1 fix: the try/catch for widget-store now only wraps the dynamic import, not
the fetch call itself. Network errors and AbortErrors from the tester-key
request propagate to the caller instead of being silently swallowed and
triggering a fallback to Clerk or the unauthenticated path.
Adds _setTestProviders() seam so unit tests can inject key/token providers
without needing browser globals (localStorage, Clerk session). Tests cover:
- Passthrough when caller already sets auth header
- Tester key accepted → exactly one fetch
- Tester key 401 → falls through to Clerk JWT (two fetches, correct headers)
- Tester key 403 → returned immediately, no Clerk fallback
- AbortError from tester-key fetch propagates to caller
- No keys/Clerk → unauthenticated request forwarded
- Clerk JWT used when tester key absent
