Consolidate GCP OAuth documentation

- Merge architecture/overview from GCP_OAUTH_SETUP.md into GCP_OAUTH_GKE_SETUP.md
- Remove redundant GCP_OAUTH_SETUP.md file
- Remove internal GCP_OAUTH_IMPLEMENTATION_STATUS.md file
- Keep single comprehensive GKE deployment guide

Author: drduker

docs/GCP_OAUTH_GKE_SETUP.md

@@ -2,6 +2,54 @@
 
 This guide covers how to configure GCP OAuth authentication for Headlamp when deploying to Google Kubernetes Engine (GKE).
 
+## Overview
+
+This implementation adds GCP OAuth 2.0 authentication support to Headlamp, replacing the deprecated Identity Service for GKE. Users authenticate with their Google Cloud account, and the authentication tokens are used to access Kubernetes resources with proper RBAC.
+
+## Architecture
+
+### Authentication Flow
+
+1. **User Login**: User clicks "Sign in with Google" in Headlamp UI
+2. **OAuth Redirect**: User is redirected to Google's OAuth consent screen
+3. **Authorization**: User authorizes Headlamp to access their GCP account
+4. **Callback**: Google redirects back to Headlamp with authorization code
+5. **Token Exchange**: Headlamp exchanges code for access/refresh tokens
+6. **K8s API Access**: Tokens are used to authenticate with Kubernetes API
+7. **RBAC Authorization**: Kubernetes RBAC evaluates permissions based on user's GCP identity
+
+### Components
+
+#### Backend Changes
+
+1. **GCP Authenticator** (`backend/pkg/gcp/auth.go`)
+   - Implements OAuth 2.0 flow with Google
+   - PKCE (Proof Key for Code Exchange) support for enhanced security
+   - Token refresh and caching mechanisms
+   - GKE cluster detection
+
+2. **Route Handlers** (`backend/pkg/gcp/handlers.go`)
+   - `/gcp-auth/login`: Initiates OAuth flow
+   - `/gcp-auth/callback`: Handles OAuth callback
+   - `/gcp-auth/refresh`: Refreshes expired tokens
+   - `/gcp-auth/enabled`: Check if GCP OAuth is enabled
+
+3. **Configuration** (`backend/pkg/config/config.go`)
+   - `GCPOAuthEnabled`: Enable/disable GCP OAuth
+   - `GCPClientID`: OAuth 2.0 Client ID
+   - `GCPClientSecret`: OAuth 2.0 Client Secret
+   - `GCPRedirectURL`: Callback URL for OAuth flow
+
+#### Frontend Changes
+
+1. **GCP Login Button** (`frontend/src/components/cluster/GCPLoginButton.tsx`)
+   - React component that renders "Sign in with Google" button
+   - Automatically shown for GKE clusters or when backend OAuth is enabled
+
+2. **Auth Chooser** (`frontend/src/components/authchooser/index.tsx`)
+   - Shows authentication options including GCP OAuth
+   - Prevents auto-redirect to token page to allow users to choose auth method
+
 ## Prerequisites
 
 1. GKE cluster up and running