Add opt-in proactive auto-switch policy for perishable safe capacity

[txhno]

Summary

codex-auth currently auto-switches only after the active account drops below configured 5h/weekly thresholds, and candidate ranking is based mostly on the weaker remaining limit.

I want to propose an opt-in auto policy that proactively rotates across accounts by spending the most perishable safe capacity first, while still protecting accounts that are close to exhaustion.

Proposed behavior

Add a new auto policy setting under existing config auto, for example:

• codex-auth config auto --policy threshold (current behavior, default)
• codex-auth config auto --policy auto (new behavior)

The new auto policy would:

• use only these inputs per account:
  • r5: fraction of 5h remaining
  • t5: hours until 5h reset
  • rw: fraction of weekly remaining
  • tw: hours until weekly reset
• define:
  • health = min(r5, rw)
  • burn = (r5 / max(t5, 0.25)) + 0.35 * (rw / max(tw, 1.0))
• classify accounts into tiers:
  • healthy + reserve-safe
  • healthy
  • weak
  • dead-ish fallback
• select:
  • highest burn among healthy tiers
  • highest health among weak/fallback tiers

Safety goals

• spend capacity that will reset sooner before it expires unused
• suppress accounts whose weaker limit is already dangerous
• avoid collapsing all accounts below a reserve threshold together
• keep this fully deterministic and prompt-independent

Scope

• opt-in only
• no default behavior change
• stays within existing usage window data already tracked by codex-auth

If this direction sounds acceptable, I can send a PR that keeps the current threshold policy as the default and adds the proactive policy as a separate mode.