Fix auth_verify to accept admin/user/register secrets directly

- Check secrets (admin_secrets, user_secrets, register_secrets) before API keys
- Allow UI to authenticate with the secrets provided in .env
- Secrets now work as expected for authentication
- API keys still supported as fallback for backward compatibility

core/src/openrpc.rs

@@ -964,6 +964,34 @@ impl SupervisorRpcServer for Arc<Mutex<Supervisor>> {
         let key = get_current_api_key()
             .ok_or_else(|| ErrorObject::owned(-32602, "Missing Authorization header", None::<()>))?;
         
+        // Check if it's an admin secret
+        if supervisor.has_admin_secret(&key) {
+            return Ok(crate::auth::AuthVerifyResponse {
+                valid: true,
+                name: "Admin Secret".to_string(),
+                scope: "admin".to_string(),
+            });
+        }
+        
+        // Check if it's a user secret
+        if supervisor.has_user_secret(&key) {
+            return Ok(crate::auth::AuthVerifyResponse {
+                valid: true,
+                name: "User Secret".to_string(),
+                scope: "user".to_string(),
+            });
+        }
+        
+        // Check if it's a register secret
+        if supervisor.has_register_secret(&key) {
+            return Ok(crate::auth::AuthVerifyResponse {
+                valid: true,
+                name: "Register Secret".to_string(),
+                scope: "register".to_string(),
+            });
+        }
+        
+        // Check if it's an API key
         match supervisor.verify_api_key(&key).await {
             Some(api_key) => {
                 Ok(crate::auth::AuthVerifyResponse {