fix: cache parsed PEM private key to avoid re-parsing per request

[Bortlesboat]

Summary

• parse the PEM private key once in APIBase.__init__() and cache the loaded key when possible
• pass the cached key through REST and WebSocket JWT builders instead of re-parsing on every token
• preserve constructor behavior for placeholder or invalid secrets by falling back to the existing parse-on-demand path
• add focused regression coverage for JWT helper reuse plus REST and WebSocket wiring

Context

This replays #124, which was approved on March 6, 2026 but later closed on March 21, 2026 after the original head repo was deleted.

From the public timeline, that earlier approval appears to have been invalidated by Coinbase's Heimdall MFA gate on the reviewer account, so I'm reopening the same fix from a live fork for fresh review.

Testing

• python -m pytest tests/test_api_base.py tests/test_jwt_generator.py tests/rest/test_rest_base.py
• python -m pytest tests/websocket/test_websocket_base.py::WSBaseTest::test_subscription_message_uses_cached_private_key

[cb-heimdall]

🟡 Heimdall Review Status

Requirement	Status	More Info
Reviews	🟡 0/1	Denominator calculation Show calculation 1 if user is bot 0 1 if user is external 0 2 if repo is sensitive 0 From .codeflow.yml 1 Additional review requirements Show calculation Max 0 0 From CODEOWNERS 0 Global minimum 0 Max 1 1 1 if commit is unverified 0 Sum 1