Enable type-aware linting and replace biome-ignore with oxlint-disable

- Enable typeAware option and no-explicit-any (error) in vite.config.ts
- Ignore generated binding files from linting
- Convert all 96 biome-ignore comments to oxlint-disable equivalents
- Add suppression comments for 3 previously uncovered any usages

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

plugins/auth-oauth2/src/fetchAccessToken.ts

@@ -71,7 +71,7 @@ export async function fetchAccessToken(
     throw new Error(`Failed to fetch access token with status=${resp.status} and body=${body}`);
   }
 
-  // biome-ignore lint/suspicious/noExplicitAny: none
+  // oxlint-disable-next-line no-explicit-any
   let response: any;
   try {
     response = JSON.parse(body);

plugins/auth-oauth2/src/getOrRefreshAccessToken.ts

@@ -91,7 +91,7 @@ export async function getOrRefreshAccessToken(
     throw new Error(`Failed to refresh access token with status=${resp.status} and body=${body}`);
   }
 
-  // biome-ignore lint/suspicious/noExplicitAny: none
+  // oxlint-disable-next-line no-explicit-any
   let response: any;
   try {
     response = JSON.parse(body);

plugins/auth-oauth2/src/grants/clientCredentials.ts

@@ -53,6 +53,7 @@ function buildClientAssertionJwt(params: {
     signingKey = secret;
   } else if (trimmed.startsWith('{')) {
     // Looks like JSON - treat as JWK. There is surely a better way to detect JWK vs a raw secret, but this should work in most cases.
+    // oxlint-disable-next-line no-explicit-any
     let jwk: any;
     try {
       jwk = JSON.parse(trimmed);