fix(migrate-tool): use apiKey+apiSecret for server-side SDK auth instead of bearer token

[dylanjeffers]

Summary

Follow-up to #14392. Switches the migrate-tool's server-side SDK initialization from a bearer token to apiKey + apiSecret (Basic auth), which is cleaner for app-level server-side operations.

The SDK's EntityManager relay call in manageEntity accepts either Authorization: Bearer <bearerToken> or Basic base64(apiKey:apiSecret). Using apiKey+apiSecret lets the developer app authenticate and sign its own requests server-side without an OAuth-derived bearer token.

Changes

• api/_lib/audius.ts — getServerSDK() now reads AUDIUS_API_SECRET and passes apiSecret to createSdkWithServices instead of bearerToken. Updated error message and doc comment.
• .env.example — AUDIUS_BEARER_TOKEN → AUDIUS_API_SECRET.
• README.md — env var documentation updated to reference the API Secret.

The unrelated ADMIN_BEARER_TOKEN escape hatch for admin endpoints is untouched.

Verification

• tsc -b passes.
• vite build passes (polyfill issue resolved by the vite-plugin-node-polyfills 0.17.0 pin from feat(migrate-tool): add track migration tool #14392).

🤖 Generated with Claude Code

[changeset-bot]

⚠️ No Changeset found

Latest commit: 52e0668

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR