User PAT probe
Returns the calling user’s principal id, scopes, rate-limit tier, and a human-readable identity (user.id / username). user.id is the bare Firebase id and matches the author.id on that user’s public decks; user.username is the handle shown on the consent screen the user approved. This doubles as the userinfo endpoint for OAuth2 Bearer callers — no extra scope is required. Email is intentionally NOT returned: it is not consistently shown to the user before consent (the screen shows username, falling back to email only when username is empty, and the skip-consent re-authorization path shows neither), so exposing it to every bearer caller would leak PII a decks:read-only partner never had the user approve.