feat: auth capture — interactive browser, CDP header capture, cookie auth

- AuthCaptureDialog: full WS screenshot stream + mouse/keyboard/scroll events
- Backend auth_capture: CDP Network.requestWillBeSent for Authorization headers
- Candidate scoring: confidence 0-95%, preview (masked), auth_headers section
- Upstream form: add 'Cookie' auth type, handle cookie selection
- UpstreamClient: support auth_type=cookie with Cookie header
- No secrets logged at DEBUG or higher

frontend/src/api/index.ts

@@ -337,11 +337,14 @@ export interface AuthCaptureResult {
   cookies: Record<string, any>[]
   storage: Record<string, string>
   session_storage: Record<string, string>
+  auth_headers: Record<string, string>[]
   candidates: {
     type: 'bearer_token' | 'cookie' | 'credential'
     source: string
     value: string
+    preview: string
     label: string
+    confidence: number
     cookie_name?: string
     cookie_value?: string
   }[]