test(auth): add login flow contract tests (#89)
Add tests that verify the API client returns `{url}` (not `{redirectUrl}`)
and that AuthProvider correctly redirects to the OAuth URL. This prevents
regression of the /login/undefined/ bug caused by field name mismatch.
- New client-api.test.ts: 7 tests for initiateLogin, refreshSession,
initiateCrossPostAuth response shapes and error handling
- Updated auth-context.test.tsx: login flow integration test verifying
window.location.href receives the OAuth URL from the API
authored by