fix(kiro): Do not use OIDC region for API endpoint

Kiro API endpoints only exist in us-east-1, but OIDC region can vary
by Enterprise user location (e.g., ap-northeast-2 for Korean users).

Previously, when ProfileARN was not available, the code fell back to
using OIDC region for API calls, causing DNS resolution failures:

  lookup codewhisperer.ap-northeast-2.amazonaws.com: no such host

This fix removes the OIDC region fallback for API endpoints.
The region priority is now:
1. api_region (explicit override)
2. ProfileARN region
3. us-east-1 (default)

Fixes: Issue #253 (200-400x slower response times due to DNS failures)

internal/runtime/executor/kiro_executor.go

@@ -398,8 +398,8 @@ var kiroEndpointConfigs = buildKiroEndpointConfigs(kiroDefaultRegion)
 // Region priority:
 // 1. auth.Metadata["api_region"] - explicit API region override
 // 2. ProfileARN region - extracted from arn:aws:service:REGION:account:resource
-// 3. auth.Metadata["region"] - OIDC/Identity region (may differ from API region)
-// 4. kiroDefaultRegion (us-east-1) - fallback
+// 3. kiroDefaultRegion (us-east-1) - fallback
+// Note: OIDC "region" is NOT used - it's for token refresh, not API calls
 func getKiroEndpointConfigs(auth *cliproxyauth.Auth) []kiroEndpointConfig {
 	if auth == nil {
 		return kiroEndpointConfigs
@@ -422,13 +422,9 @@ func getKiroEndpointConfigs(auth *cliproxyauth.Auth) []kiroEndpointConfig {
 					regionSource = "profile_arn"
 				}
 			}
-			// Priority 3: OIDC region (only if not already set from profile_arn)
-			if regionSource == "default" {
-				if r, ok := auth.Metadata["region"].(string); ok && r != "" {
-					region = r
-					regionSource = "region"
-				}
-			}
+			// Note: OIDC "region" field is NOT used for API endpoint
+			// Kiro API only exists in us-east-1, while OIDC region can vary (e.g., ap-northeast-2)
+			// Using OIDC region for API calls causes DNS failures
 		}
 	}