Feature/dynamic credential overrides

[yugborana]

[!IMPORTANT]

Fixes #35440

Summary

Added support for dynamic, per-request LLM credential overrides across all major API endpoints. This feature allows API consumers to pass custom credential IDs at runtime, which temporarily override the workspace's default LLM credentials (like API keys) for the duration of that specific workflow or chat execution.

Motivation and Context

Previously, all workflow and chat executions in Dify were rigidly bound to the default LLM credentials configured at the workspace level. This caused a significant limitation for developers building multi-tenant SaaS applications on top of Dify, as they were forced to absorb all LLM billing costs centrally.

By allowing credential_overrides in the API payload, applications can now dynamically inject their own end-users' API keys into the Dify execution context. This enables Bring-Your-Own-Key (BYOK) architectures and direct usage billing, vastly improving Dify's flexibility as an orchestration backend without requiring architectural changes to the frontend apps.

Screenshots

Checklist

• This change requires a documentation update, included: Dify Document
• I understand that this PR may be closed in case there was no previous discussion or issues. (This doesn't apply to typos!)
• I've added a test for each change that was introduced, and I tried as much as possible to make a single atomic change.
• I've updated the documentation accordingly.
• I ran make lint && make type-check (backend) and cd web && pnpm exec vp staged (frontend) to appease the lint gods

[yugborana]

@crazywoola