fix: hide credential validation test switch

[cesarenaldi]

Linear: DEV-123

Summary:

• Remove validate_credentials from public secure client factory signatures.
• Keep the validation bypass on the private create helper used by tests.
• Update tests to use the private path.

Verification:

• uv run pytest tests/unit
• uv run pyright
• uv run ruff check .
• uv run ruff format --check .

---

Note

Low Risk
Public construction still validates credentials by default; only the documented factory surface and test call sites change.

Overview
Removes validate_credentials from the public SecureClient.create and AsyncSecureClient.create signatures so callers can no longer skip API credential checks at construction time. The real factory logic moves to private _create, which still supports validate_credentials; public create always delegates with validation enabled (True).

Unit and integration tests that need fake credentials without a live auth probe now call _create(..., validate_credentials=False) instead of the public factory. A new test asserts validate_credentials is absent from the public create signatures via inspect.signature.

Default behavior for SDK users is unchanged: provided credentials are still validated unless tests use the private path.

^{Reviewed by Cursor Bugbot for commit 78a2228. Bugbot is set up for automated code reviews on this repo. Configure here.}

[linear]

DEV-123 Hide credential validation test switch from Python SDK public API

Remove validate_credentials from the public secure client factory surface and keep the bypass test-only.

Review in Linear