fix(admin): accept pk/sk prefixed API keys in key validation #14

Merged: ph33nx merged 4 commits into main from fix/wp-key-prefix-validation, Jun 15, 2026

@ph33nx ph33nx commented Jun 15, 2026

Contributor

Problem

The settings key-format guard only matched the legacy unprefixed key shape, so it rejected the newer prefixed keys the API now issues with the notice "API key format is invalid. Get a key at roxyapi.com." A customer hit this when pasting an active sk_live_ key whose dashboard showed it as valid.

Fix

Extend the regex in SettingsFields::sanitize_encrypted_key() with an optional {pk|sk}_{live|test}_ prefix group, mirroring the API key shapes. Legacy unprefixed keys keep validating. Unknown prefixes (rk_, unknown environment, prefix with no body) stay rejected.

Verification

  • Standalone regex assertion: 11 cases (legacy, sk/pk live/test accepted; garbage, rk_, sk_prod_, empty, uppercase rejected).
  • Real WP runtime via wp eval: SettingsFields::sanitize() stores and round-trips legacy, sk_live, pk_live, sk_test; rejects garbage, rk_, bad-env with the invalid_api_key notice.
  • Real admin UI (wp-env): pasting an sk_live_ key saves with no format error and the page reports connected.
  • Real API connectivity through the plugin Client against production returns a valid reading.
  • New PHPUnit coverage in test-settings-fields-sanitize.php (accept + reject data providers).
  • phpcs, phpstan, pre-commit hooks green.

@ph33nx ph33nx merged commit d501e2d into main Jun 15, 2026
12 checks passed
@ph33nx ph33nx deleted the fix/wp-key-prefix-validation branch June 15, 2026 09:30
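
The accept/reject behaviour the description lists, as an added PHP example; it is not the plugin's code, which this page does not show. The key body shape (32 or more lowercase alphanumerics), the `KEY_PATTERN` constant and the `is_valid_key_format()` helper are assumptions made for illustration, and the sample keys are constructed.

```php
<?php
// Added illustration, not the plugin's code. The body shape (32 or more
// lowercase alphanumerics) is an assumption; the page does not state it.
const KEY_PATTERN = '/\A(?:(?:pk|sk)_(?:live|test)_)?[a-z0-9]{32,}\z/';

// Hypothetical helper name.
function is_valid_key_format(string $key): bool
{
    // \A and \z anchor to the real start and end of the string. A bare `$`
    // also matches just before a trailing "\n", so "key\n" would pass.
    // The body class excludes "_", so an unknown prefix such as "rk_live_"
    // cannot slip through as part of a legacy unprefixed key.
    return 1 === preg_match(KEY_PATTERN, $key);
}

$body = str_repeat('a1b2c3d4', 4); // constructed 32-character sample body

$cases = [
    [$body, true],                       // legacy unprefixed
    ['sk_live_' . $body, true],
    ['sk_test_' . $body, true],
    ['pk_live_' . $body, true],
    ['pk_test_' . $body, true],
    ['rk_live_' . $body, false],         // unknown prefix
    ['sk_prod_' . $body, false],         // unknown environment
    ['sk_live_', false],                 // prefix with no body
    ['', false],                         // empty
    [strtoupper($body), false],          // uppercase
    ['not a key', false],                // garbage
    ['sk_live_' . $body . "\n", false],  // trailing newline
];

$failures = 0;
foreach ($cases as [$input, $expected]) {
    $actual = is_valid_key_format($input);
    if ($actual !== $expected) {
        $failures++;
    }
    printf("%-4s %s\n", $actual === $expected ? 'ok' : 'FAIL', json_encode($input));
}
exit($failures === 0 ? 0 : 1);
```

The script exits non-zero if any case disagrees with its expected result, so it can run as a standalone check alongside the PHPUnit data providers.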