aibridgeproxy: RFC for authenticating tunneled traffic

[ssncferreira]

Document an RFC to decide how to handle the authentication of tunneled traffic in AI Bridge Proxy.

Currently, tunneled CONNECT requests (non-allowlisted traffic) pass through the proxy without authentication. An initial implementation was proposed in coder/coder#22339 (validating Coder session tokens against the Coder API), but there are tradeoffs around performance and the runtime dependency on coderd that warrant a design discussion. The RFC should evaluate different approaches (e.g., per-request token validation, shared proxy key) and document the chosen design.