feat(dev): wire Cloudflare named tunnel for granular OAuth dev scopes
The Bluesky package clamps scopes to atproto when client_id falls back
to http://localhost in dev (loopback profile). Front local dev with a
public Cloudflare named tunnel so the AS can fetch the real client
metadata document, which declares the granular repo:app.skyreader.*
scopes — and the consent screen lists them.
- AppServiceProvider: force HTTPS scheme so url() matches APP_URL
behind a TLS-terminating proxy
- config/solo.php: add Tunnel command; pass --no-reload to serve
so PHP_CLI_SERVER_WORKERS=4 actually spawns workers (the AS's
synchronous metadata fetch during PAR otherwise deadlocks)
- README: per-dev cloudflared setup, parameterized with <subdomain>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>