fix: remove User-Agent override to prevent TLS/UA fingerprint mismatch

curl_cffi sets a User-Agent consistent with its JA3 TLS fingerprint.
BaseProvider's custom UA (Chrome/121) conflicted with the chrome120
TLS fingerprint, causing Cloudflare to flag the request as a bot.
Removing the UA from session headers lets curl_cffi manage its own.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

src/providers/chatgpt.py

@@ -40,6 +40,12 @@ class ChatGPTProvider(BaseProvider):
         cf_session = curl_requests.Session(impersonate=IMPERSONATE)
         super().__init__(session=cf_session)  # type: ignore[arg-type]
 
+        # Remove the User-Agent set by BaseProvider. curl_cffi sets a UA that is
+        # consistent with its TLS JA3 fingerprint for chrome120. If we leave a
+        # mismatched UA (e.g. Chrome/121 header with Chrome/120 TLS), Cloudflare's
+        # bot detection flags it. Removing it lets curl_cffi manage its own UA.
+        self._session.headers.pop("User-Agent", None)
+
         token = session_token or os.getenv("CHATGPT_SESSION_TOKEN", "").strip()
         if not token:
             raise ProviderError(