Map INVALID_CREDENTIALS to http.StatusBadRequest (400) instead of
http.StatusUnauthorized (401) to better align with client error semantics.
Update ErrorWithStringCode to return the HTTP status code in the 'code'
field and set 'data' to nil, removing the legacy compatibility workaround
that set 'code' to 0.
BREAKING CHANGE: Response structure for ErrorWithStringCode changed (Code
field now returns status code, Data is nil) and INVALID_CREDENTIALS status
changed from 401 to 400.