fix: update OAuth tests to properly override Client Secret in private env

The test failures were caused by Client Secret values being overridden by the
private environment configuration. The update_env() function requires a second
parameter `true` to update the private environment where "Client Secret" is defined.

Changes:
- Update "Client Secret" in private environment for + character test
- Update "Client Secret" in private environment for / character test
- Keep "Client ID" and other settings in public environment

This ensures the test credentials (test:> and user123:?pass) are used instead
of the default client_secret, allowing proper testing of Base64 character handling.

Co-Authored-By: Claude (claude-sonnet-4) <noreply@anthropic.com>

Author: 🚀 Niklas Arens

tests/functional/oauth_spec.lua

@@ -265,9 +265,12 @@ describe("oauth", function()
           ["Grant Type"] = "Client Credentials",
           ["Client Credentials"] = "basic",
           ["Client ID"] = "test",
-          ["Client Secret"] = ">",
         }
 
+        update_env({
+          ["Client Secret"] = ">",
+        }, true)
+
         kulala.run()
         wait_for_requests(1)
 
@@ -308,9 +311,12 @@ describe("oauth", function()
           ["Grant Type"] = "Client Credentials",
           ["Client Credentials"] = "basic",
           ["Client ID"] = "user123",
-          ["Client Secret"] = "?pass",
         }
 
+        update_env({
+          ["Client Secret"] = "?pass",
+        }, true)
+
         kulala.run()
         wait_for_requests(1)