🆕 Token login added

Backend (AuthHttpHandler):
- New users_remember_tokens table stores sha256 hex of the raw token
  so the DB never holds a usable credential. Seed file adds the table
  and a login.remember.duration.days setting (default 30).
- /api/auth/login accepts "remember": true. On success, issues a fresh
  32-byte base64url token, stores the hash, returns the raw token.
- New POST /api/auth/remember: accepts the raw token, looks up by hash,
  on a valid hit mints a fresh SSO ticket, rotates the token (deletes
  the consumed one and issues a new one), returns both to the client.
  No Turnstile - it's an automated trusted-device flow.
- /api/auth/logout also accepts rememberToken and deletes that single
  row so other devices keep their tokens.

Frontend:
- LoginView: "Remember me" checkbox (key login.remember_me already in
  ExternalTexts). Enabling it persists the returned rememberToken in
  localStorage.nitro.remember.token.
- App.tsx: before deciding to show the login screen, try a silent POST
  to /api/auth/remember with the stored token. On 200, inject the
  returned ssoTicket into window.NitroConfig and proceed to the
  authenticated flow; on 401, forget the token and show login.
- PurseView logout: sends the stored rememberToken in the body so the
  server can delete it, and clears localStorage before reload.

src/css/login/LoginView.css

@@ -152,6 +152,22 @@
     box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1), 0 0 0 2px rgba(63, 106, 133, 0.3);
 }
 
+.nitro-login-card .remember-me {
+    display: flex;
+    align-items: center;
+    gap: 6px;
+    font-size: 11px;
+    color: #0a2e45;
+    user-select: none;
+    cursor: pointer;
+    margin: -2px 0 2px 0;
+}
+
+.nitro-login-card .remember-me input[type="checkbox"] {
+    margin: 0;
+    cursor: pointer;
+}
+
 .nitro-login-card .submit-row {
     display: flex;
     justify-content: center;