Only set secret key or client ID when not using auth token (#6994)

This PR modifies the header setting logic in `getClientFetch` to ensure that secret keys and client IDs are only set when not using an auth token. This prevents potential conflicts between different authentication methods by making the header setting logic mutually exclusive.

<!-- start pr-codex -->

---

## PR-Codex overview
This PR modifies the logic in the `fetch.ts` file to ensure that the `x-secret-key` and `x-client-id` headers are only set when not using the authentication token, enhancing security and clarity in header management.

### Detailed summary
- Added an `else` clause to only set `x-secret-key` if not using the auth token.
- Rearranged the condition for setting `x-client-id` to follow the new logic.

> ✨ Ask PR-Codex anything about this PR by commenting with `/codex {your question}`

<!-- end pr-codex -->

Author: jnsdls

packages/thirdweb/src/utils/fetch.ts

@@ -70,14 +70,15 @@ export function getClientFetch(client: ThirdwebClient, ecosystem?: Ecosystem) {
         if (client.teamId) {
           headers.set("x-team-id", client.teamId);
         }
-      }
-
-      if (secretKey) {
-        headers.set("x-secret-key", secretKey);
-      }
+      } else {
+        // only set secret key or client id if we are NOT using the auth token!
+        if (secretKey) {
+          headers.set("x-secret-key", secretKey);
+        }
 
-      if (clientId) {
-        headers.set("x-client-id", clientId);
+        if (clientId) {
+          headers.set("x-client-id", clientId);
+        }
       }
 
       if (ecosystem) {