feat(providers): add Kraken exchange sync (#1759)

* feat(providers): add Kraken exchange sync

Adds family-scoped Kraken API-key connections, read-only balance and trade import, account setup/linking flows, provider status wiring, and focused test coverage.

Closes #1758

* test(providers): avoid Kraken sample secret false positive

* fix(providers): address Kraken review findings

* fix(providers): address Kraken review cleanup

* test(imports): stabilize transaction import ordering

test/controllers/api/v1/provider_connections_controller_test.rb

@@ -104,12 +104,28 @@ class Api::V1::ProviderConnectionsControllerTest < ActionDispatch::IntegrationTe
       failed_at: Time.current,
       error: "raw provider token secret"
     )
+    kraken_item = kraken_items(:one)
+    kraken_item.syncs.create!(
+      status: "failed",
+      failed_at: Time.current,
+      error: "raw kraken key secret"
+    )
 
     get api_v1_provider_connections_url, headers: api_headers(@api_key)
     assert_response :success
 
+    json_response = JSON.parse(response.body)
+    kraken_connection = json_response["data"].detect do |connection|
+      connection["id"] == kraken_item.id && connection["provider"] == "kraken"
+    end
+
+    assert_not_nil kraken_connection
+    assert_equal "KrakenItem", kraken_connection["provider_type"]
     refute_includes response.body, @mercury_item.token
+    refute_includes response.body, kraken_item.api_key
+    refute_includes response.body, kraken_item.api_secret
     refute_includes response.body, "raw provider token secret"
+    refute_includes response.body, "raw kraken key secret"
   end
 
   test "fails closed when credential readiness is unknown" do