feat: auto-refresh expired sessions and unify session checks

- persist the refresh_token at login and silently mint a new access token via
  grant_type=refresh_token when the stored one expires (api/session.ts).
- centralize session resolution: context() auto-refreshes; requireApi() gives a
  uniform 'not logged in' error; FaableApi maps any 401 to a single 'session
  expired, run faable login' message used by every command.
- login: skip the 'already logged in' prompt when the stored token is expired.

feat: prompt on re-login when already authenticated, send device name

- login: when a session already exists (interactive flow), confirm before
  re-authenticating; --apikey/--token skip the prompt.
- send a human-friendly device_name (hostname + OS) on /oauth/device/code so
  the auth confirm page can show which device is being authorized.

fix: validate session in link/deploy, whoami via auth server, remove …

…obsolete init

- whoami: introspect the token against the Faable Auth server (/me); the
  deploy API has no /auth/me route and returned 404 ('Not Found').
- link & deploy: guard against a missing session instead of crashing with
  'Cannot read "list"/"getApp" of undefined'. OIDC/CI path unaffected.
- remove the obsolete 'init' command (use 'login --apikey').

fix: login command

fix: no claude allowed here

fix: cli simplification

fix: python runtime

fix: update cli builder with new frameworks

fix: deploy changes

fix: link ui