feat(js-sdk)!: Grant auth

[SeverinAlexB]

Adds grant-backed auth support to the JS SDK to make it feature complete to the rust SDK.
Updates JS examples to make them work with the new SDK.

What changed

• Added GrantAuthFlow bindings for starting, resuming, saving, polling, and awaiting grant-backed pubkyauth flows.
• Added Pubky.startGrantAuthFlow(...) and Pubky.resumeGrantAuthFlow(...).
• Added grant deep-link wrappers:
  • SigninGrantDeepLink
  • SignupGrantDeepLink
• Added Session.exportSecret() and updated Pubky.restoreSession(...) to restore grant credentials by minting a fresh bearer.
• Marked legacy cookie auth APIs/docs as deprecated where applicable.
• Extracted shared InFlightGuard logic so auth flows reject overlapping async calls cleanly.
• Updated JS SDK docs to prefer grant auth and direct signer signup(...) + signin(clientId).
• Refreshed examples/javascript:
  • uses the local SDK package from the repo
  • removes npm script shortcuts in favor of explicit node <script>.mjs
  • renames the testnet smoke helper to 0-check-testnet.mjs
  • updates examples for grant-backed sessions and optional signup token handling

What this is not doing: It is not adding more examples or optimizing the examples really. This will be done in another task. See #401 .

Caveats

I am not 100% content with the API surface yet. Nonetheless at the moment, I rather ship something working than delay the project. In subsequent versions, we should optimize it further.

[andrei-21]

I reviewed Rust code. Later I will try to run JS code.

[andrei-21]

I played with that, seems to work. Just a couple of comments to make the readme correct.