fix: cache parsed PEM private key to avoid re-parsing per request

[Bortlesboat]

Summary

• Parse the PEM private key once in APIBase.__init__() instead of on every request
• Pass the cached key through build_rest_jwt() and build_ws_jwt() via an optional private_key parameter
• Backward-compatible: callers that don't pass private_key get the original parsing behavior
• Avoids redundant load_pem_private_key() ASN.1/DER parsing on every HTTP request

Fixes #121

[cb-heimdall]

🟡 Heimdall Review Status

Requirement	Status	More Info
Reviews	🟡 0/1	Denominator calculation Show calculation 1 if user is bot 0 1 if user is external 0 2 if repo is sensitive 0 From .codeflow.yml 1 Additional review requirements Show calculation Max 0 0 From CODEOWNERS 0 Global minimum 0 Max 1 1 1 if commit is unverified 0 Sum 1

[cb-heimdall]

Review Error for JTCombs95-commits @ 2026-03-06 21:19:28 UTC
User failed mfa authentication, see go/mfa-help

[Bortlesboat]

Quick follow-up from my side: I’m treating review-required PRs as top priority this week. If you want any specific changes, rebase, or split, I can turn them around quickly.

[Bortlesboat]

Reopened this fix from a live fork in #128 after this PR was closed when the original head repo disappeared. The code path still reproduces cleanly on current \master\, so the replacement PR carries the same optimization plus focused regression coverage and fresh review context.