Feature: Robust Google Photos Integration & Media Hardening

- Implemented Google Photos Picker with Session API.
- Fixed 403 Forbidden errors by adding OAuth headers to download requests.
- Implemented MediaHandler resilience:
  - 3-Step Import (Save to Root -> Verify Folder -> Move).
  - Advanced Drive API Fallback (v3/v2) for file creation.
  - Blob Sanitization (Utilities.newBlob) to fix server errors.
- Enabled Advanced Drive Service in ppsscript.json.
- Updated Documentation (MEMORY.md, ARCHITECTURE.md) with findings.

MEMORY.md

@@ -31,4 +31,12 @@ This project (`product_inventory`) integrates Google Sheets with Shopify. It ser
 32: - **Google Picker**: Integrated via `picker.js` using an API Key and OAuth Token passed securely from backend.
 33: - **Drive as Source of Truth**: All uploads go to Drive first (Folder structure: `Root/SKU/Files`).
 34: - **Shopify Sync**: `MediaService` orchestrates the complex `Staged Uploads` -> `Create Media` mutation flow.
-35: - **Security**: `appsscript.json` requires explicit scopes for `userinfo.email` (Picker) and `drive` (Files). API Keys are stored in `vars` sheet, never hardcoded.
+35: - **Security**: `appsscript.json` requires explicit scopes for `userinfo.email` (Picker), `drive` (Files), and `drive` (Advanced Service). API Keys are stored in `vars` sheet, never hardcoded.
+
+### Media Handling Quirks
+- **Google Photos Picker**:
+    - The `baseUrl` returned by the Picker API is hidden inside `mediaFile.baseUrl` (not top-level).
+    - Downloading this URL requires an **Authorization header** with the script's OAuth token, or it returns 403.
+    - `DriveApp.createFile(blob)` is fragile with blobs from `UrlFetchApp`. We use a 2-step fallback:
+        1. Sanitize with `Utilities.newBlob()`.
+        2. Fallback to **Advanced Drive Service** (`Drive.Files.create` / `v3`) if standard creation fails.