Optional provider endpoint paired with this key.
Stored only when the user supplied one in /auth. A key and its endpoint
form a coherent pair — applying the key also applies (or, when this is
absent, resets to the provider default) the base URL, so a personal key is
never sent to a gateway it doesn't belong to. Not treated as a secret (it is
logged when malformed and surfaced in hints); avoid embedding credentials in
the URL.
