fix(qdrant): handle 401/403 in ensureCollection for scoped JWTs

[huveewomg]

Description

ensureCollection calls createCollection and only catches 409 Conflict to handle the "already exists" case. When Qdrant is configured with a collection-scoped JWT, createCollection returns 401/403 because creating collections requires global access. These status codes were not caught, causing every write operation to throw.

This is a regression introduced by #4297 which changed ensureCollection to an atomic create-and-catch-409 pattern. The fix correctly handled the 409 race condition but did not account for 401/403 responses from scoped JWTs.

Fixes #4355

Type of change

• Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

Verified by live debugging against the compiled dist/oss/index.mjs in a running container configured with Qdrant collection-scoped JWTs. Before the fix every mem.add() call threw 403 Forbidden: Global access is required. After the fix the call succeeds — getCollection runs with the scoped token and confirms the collection exists.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• My changes generate no new warnings

Maintainer Checklist

• closes ensureCollection throws 403 with Qdrant scoped JWTs — only catches 409, not 401/403 #4355
• Made sure Checks passed

[CLAassistant]

All committers have signed the CLA.