Handles OAuth2 token endpoint for the mock server.

Implements the client credentials flow at POST /oauth2/v1/token so that CampaignFlow.Client.TokenManager can authenticate against the mock server exactly the same way it does against production.

The mock does not verify the client_id/client_secret in the Basic auth header — it only checks that a Basic auth header and a grant_type=client_credentials body are present, then returns a fresh bearer token.