feat(web-service): allow custom access token with persisted port and localized start errors

- Persist user-supplied access token and last-used port in app_metadata, falling back to defaults when unset
- Atomically guard concurrent starts via compare_exchange with RAII rollback of the running flag
- Wrap token and port persistence in a single SeaORM transaction to prevent partial writes
- Classify bind errors (port in use, permission denied, address unavailable, invalid address) into stable i18n keys
- Localize start-failure messages across all 10 supported languages

src/lib/api.ts

@@ -1477,10 +1477,12 @@ export interface WebServerInfo {
 export async function startWebServer(params?: {
   port?: number
   host?: string
+  token?: string | null
 }): Promise<WebServerInfo> {
   return getTransport().call("start_web_server", {
     port: params?.port ?? null,
     host: params?.host ?? null,
+    token: params?.token ?? null,
   })
 }
 
@@ -1492,6 +1494,15 @@ export async function getWebServerStatus(): Promise<WebServerInfo | null> {
   return getTransport().call("get_web_server_status")
 }
 
+export interface WebServiceConfig {
+  token: string | null
+  port: number | null
+}
+
+export async function getWebServiceConfig(): Promise<WebServiceConfig> {
+  return getTransport().call("get_web_service_config")
+}
+
 // ─── Chat Channels ───
 
 export async function listChatChannels(): Promise<ChatChannelInfo[]> {