frontend: attach auth credentials to all API requests

Add Authorization Bearer header to all fetch calls (apps, stream
start). Handle 401 responses by clearing token and redirecting to
login. Pass stream_token from the stream start response through to
the WebTransport URL as a query parameter for proxy authentication.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

frontend/src/routes/stream/+page.svelte

@@ -6,6 +6,7 @@
 	$: certHash = streamStore.CertHash;
 	$: width = streamStore.Width;
 	$: height = streamStore.Height;
+	$: streamToken = streamStore.StreamToken;
 </script>
 
 <svelte:head>
@@ -13,9 +14,7 @@
 	<meta name="description" content="Streaming game" />
 </svelte:head>
 
-<!--<section>
-</section>-->
-<Stream {url} {certHash} {width} {height} />
+<Stream {url} {certHash} {width} {height} {streamToken} />
 
 <style>
 	section {