fix(V2): Deribit _authenticate gestisce error envelope (no più KeyError 'result')

Quando Deribit risponde con {"error": {...}} su public/auth (creds errate,
scope mancante, env mismatch), il client esplodeva con KeyError: 'result' →
500 UNHANDLED_EXCEPTION sui tool privati (get_account_summary, get_positions).
Ora _authenticate solleva DeribitAuthError tipizzata, _request la converte
in error envelope coerente con il resto del flusso.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

src/cerbero_mcp/exchanges/deribit/client.py

@@ -23,6 +23,10 @@ RESOLUTION_MAP = {
 }
 
 
+class DeribitAuthError(Exception):
+    """Deribit auth failed (bad credentials, missing scope, env mismatch)."""
+
+
 @dataclass
 class DeribitClient:
     client_id: str
@@ -50,6 +54,13 @@ class DeribitClient:
         async with async_client(timeout=15.0) as http:
             resp = await http.get(url, params=params)
             data = resp.json()
+        if "result" not in data:
+            error = data.get("error", {})
+            msg = error.get("message", str(data)) if isinstance(error, dict) else str(error)
+            code = error.get("code") if isinstance(error, dict) else None
+            raise DeribitAuthError(
+                f"Deribit auth failed (code={code}, env={'testnet' if self.testnet else 'mainnet'}): {msg}"
+            )
         result = data["result"]
         self._token = result["access_token"]
         self._token_expires_at = time.monotonic() + result.get("expires_in", 900) - 30
@@ -63,7 +74,10 @@ class DeribitClient:
     async def _request(self, method: str, params: dict[str, Any] | None = None) -> dict:
         is_private = method.startswith("private/")
         if is_private:
-            await self._get_token()
+            try:
+                await self._get_token()
+            except DeribitAuthError as e:
+                return {"result": None, "error": str(e)}
 
         url = f"{self.base_url}/{method}"
         request_params = dict(params) if params else {}