fix: resolve OIDC session state issue and synchronize portal sessions

Details:
- Backend: Extract Kratos session cookies and propagate via SetCookies in AuthInfo.
- Backend: Include sessionJwt and token during OIDC flows in PasswordLogin.
- UserFront: Add _silentSessionRecovery in main.dart to recover session via cookies if localStorage token is missing.
- UserFront: Update AuthProxyService, AuthTokenStore, AuthNotifier to support silent recovery and immediate local state update before redirect.
- AdminFront/DevFront: Fix OIDC authority to point directly to Gateway proxy and add recovery/error UI components.

backend/internal/service/ory_service.go

@@ -247,7 +247,8 @@ func (o *OryProvider) SignIn(loginID, password string) (*domain.AuthInfo, error)
 			Expiration: result.SessionTokenExpiresAt,
 			SessionID:  result.Session.ID,
 		},
-		Subject: result.Session.Identity.ID,
+		Subject:    result.Session.Identity.ID,
+		SetCookies: resp.Cookies(),
 	}, nil
 }
 
@@ -693,7 +694,8 @@ func (o *OryProvider) VerifyLoginCode(loginID, flowID, code string) (*domain.Aut
 			Expiration: result.SessionTokenExpiresAt,
 			SessionID:  result.Session.ID,
 		},
-		Subject: result.Session.Identity.ID,
+		Subject:    result.Session.Identity.ID,
+		SetCookies: resp.Cookies(),
 	}, nil
 }