feat(settings): add ChatGPT OAuth device code login for Codex CLI

Add OAuth device code flow for Codex CLI official subscription auth,
allowing users to log in with their ChatGPT account directly from the
agent settings page without using the terminal.

- Backend: two new endpoints (codex_request_device_code, codex_poll_device_code)
  that handle the OpenAI OAuth device code flow and return tokens to frontend
- Frontend: login UI with verification URL, copyable user code, polling status,
  15-minute timeout, and auto-save via existing persistEnv/persistConfig path
- Auth.json written in Codex CLI compatible format (nested tokens, account_id,
  last_refresh) so codex-acp can use OAuth tokens directly
- Show logged-in status and re-login option when tokens are present
- Remove auth.json textarea from Codex settings UI
- i18n: all 10 languages updated with new login-related keys

src/i18n/messages/en.json

@@ -557,7 +557,21 @@
       "enableFast": "Enable Fast",
       "enableFastAria": "Enable Fast service tier for Codex",
       "authJsonNative": "auth.json (native)",
-      "configTomlNative": "config.toml (native)"
+      "configTomlNative": "config.toml (native)",
+      "loginButton": "Log in with ChatGPT",
+      "loginRequesting": "Requesting login code...",
+      "loginStep1": "Open the following URL in your browser:",
+      "loginStep2": "Enter the code below:",
+      "loginPolling": "Waiting for authorization...",
+      "loginCancel": "Cancel",
+      "loginSuccess": "Logged in successfully, config saved!",
+      "loginFailed": "Login failed: {message}",
+      "loginRetry": "Retry",
+      "loginCodeCopied": "Code copied",
+      "loggedIn": "Account logged in",
+      "loginRelogin": "Re-login / Switch account",
+      "loginTimeout": "Login timed out, please try again",
+      "loginSaveFailed": "Login succeeded but failed to save config"
     },
     "gemini": {
       "authConfig": "Gemini Auth Config",