feat: add dev-only login bypass with pre-shared token
Adds a /dev/login route (compile-time gated to dev/test) that
authenticates a dev user when given the correct SOWER_DEV_LOGIN_TOKEN.
This enables agent-browser and other dev tooling to get authenticated
sessions without an OIDC provider.
The token is generated into .dev-login-token via .envrc and exported
as SOWER_DEV_LOGIN_TOKEN.
sow-108
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>