Fix XML namespace handling for Radicale responses

Radicale uses default DAV: namespace (no d: prefix) and CR: for CardDAV
instead of c:. Fixed all regex patterns to handle both variants:
- <href> and <d:href>
- <displayname> and <d:displayname>
- <CR:address-data> and <c:address-data>
- <C:calendar-data> and <c:calendar-data>
- </response> and </d:response>

Also fixed calendar discovery to match <C:calendar/> resourcetype
instead of looking for VEVENT string in the response.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

common.py

@@ -172,10 +172,15 @@ async def oauth_token(request: Request):
             if not _verify_pkce(code_verifier, code_data["code_challenge"], code_data["code_challenge_method"]):
                 return JSONResponse({"error": "invalid_grant", "error_description": "PKCE verification failed"}, status_code=400)
 
-        # Verify client_secret at token exchange
-        user = _resolve_client(client_id, client_secret)
-        if not user:
-            return JSONResponse({"error": "invalid_client", "error_description": "Invalid client credentials"}, status_code=401)
+        # Verify client_secret if provided, otherwise rely on PKCE alone
+        if client_secret:
+            user = _resolve_client(client_id, client_secret)
+            if not user:
+                return JSONResponse({"error": "invalid_client", "error_description": "Invalid client credentials"}, status_code=401)
+        else:
+            user = client_id
+            if user not in _load_tokens():
+                return JSONResponse({"error": "invalid_client"}, status_code=401)
 
     elif grant_type == "client_credentials":
         user = _resolve_client(client_id, client_secret)