Sync stored accounts with live Codex auth

[SHAREN]

Summary

This PR reconciles the stored active account with the real Codex auth.json state so the UI does not stay stuck on a stale account after an external switch.

What changed

• added live auth reconciliation against the current ~/.codex/auth.json
• matched the live auth state against stored accounts by ChatGPT account id, email, or existing tokens, and by API key when applicable
• updated switching to validate and refresh ChatGPT credentials before rewriting auth.json
• triggered the frontend sync on startup, window focus, and periodic refreshes so the dashboard follows the real Codex state

Why

The stored active_account_id can drift from the actual Codex auth file when the user switches accounts outside the switcher. In that state, the UI shows the wrong active account and can operate on stale credentials.

Validation

• pnpm build
• cargo build --manifest-path src-tauri/Cargo.toml
• ran a local smoke check through sync_live_auth_to_store() against the current machine state and confirmed the stored active account already matched the live ~/.codex/auth.json account (osborne03961)

[Lampese]

Requesting changes for one behavioral issue:

The live-auth reconciliation path is doing more than syncing the active account. When the current ~/.codex/auth.json does not match an existing stored account, the backend creates a brand new stored account and persists it immediately. The frontend then triggers this path on startup, on window focus, and every 5 seconds. In practice, that means switching Codex externally can silently import new persistent accounts into Codex Switcher without the user explicitly adding them.

That feels materially broader than the PR's stated goal of reconciling the stored active account with the real live auth state. I think this should be resolved before merging, either by limiting reconciliation to active-state alignment or by making auto-import an explicit user-approved action.