feat(accounts): add export action with audit and no-store safeguards #412

Open
timefox wants to merge 1 commit into Soju06:main from timefox:feature/account-export
@timefox timefox commented Apr 15, 2026

Summary

  • Account export added: Dashboard now exposes an Export action and the backend returns the latest Codex-compatible auth.json payload for a selected account
  • Risk window tightened: Export moved to POST and both server/client now mark the request as no-store / no-cache to reduce credential exposure via caches
  • Audit included: Export operations now write account_exported audit logs with request_id and account_id for traceability
  • Compatibility covered: Auth parsing now accepts the latest export timestamp field last_refresh alongside the existing lastRefreshAt format
  • Tests updated: Backend export API, audit logging, auth parsing, frontend download behavior, and MSW handler coverage were all extended

Changed files

| File | Change |
| --- | --- |
| app/modules/accounts/api.py | Added POST /api/accounts/{account_id}/export, set no-store headers, and logged account_exported audit events |
| app/modules/accounts/service.py | Built the export response payload in the latest Codex auth.json structure |
| app/modules/accounts/schemas.py | Added AccountExportResponse |
| app/core/auth/__init__.py | Accepted last_refresh in addition to lastRefreshAt when parsing auth.json |
| frontend/src/features/accounts/components/account-actions.tsx | Added the Export button to account actions |
| frontend/src/features/accounts/components/account-detail.tsx | Wired the export callback into account detail |
| frontend/src/features/accounts/components/accounts-page.tsx | Connected export mutation and busy/error handling at page level |
| frontend/src/features/accounts/api.ts | Added the export API client call |
| frontend/src/features/accounts/schemas.ts | Added the export response schema |
| frontend/src/features/accounts/hooks/use-accounts.ts | Implemented export mutation, blob download, and success/error toast handling |
| frontend/src/lib/api-client.ts | Added fetch cache control support so sensitive requests can opt into no-store |
| frontend/src/test/mocks/handlers.ts | Added MSW mock for the new account export endpoint |
| frontend/src/test/mocks/handler-coverage.test.ts | Added handler coverage for account export |
| tests/integration/test_accounts_api.py | Added export success/404 coverage plus no-store header and auth payload validation |
| tests/unit/test_auth.py | Added parsing coverage for the latest Codex export format |
| tests/unit/test_audit_trail.py | Added audit coverage for account_exported |
| frontend/src/features/accounts/hooks/use-accounts.test.ts | Added frontend export download behavior coverage |

Test results

  • uv run pytest tests/unit/test_auth.py tests/unit/test_audit_trail.py tests/integration/test_accounts_api.py tests/integration/test_accounts_api_extended.py

  • 29 passed, 1 skipped, 0 failed

  • bun run test src/features/accounts/hooks/use-accounts.test.ts src/test/mocks/handler-coverage.test.ts src/__integration__/accounts-flow.test.tsx

  • 5 passed, 0 skipped, 0 failed

  • bun run typecheck

  • passed
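
The safeguards listed in the summary (POST-only export, no-store response headers, an `account_exported` audit event carrying `request_id` and `account_id`) can be sketched as follows. This is an added example, not code from this pull request or the project: `export_account`, `cache_safe`, the sample account data, and the exact header values are assumptions made for illustration.

```python
import json
import uuid

# Assumed header values that keep a credential-bearing response out of
# browser and intermediary caches (the PR's exact values are not shown).
NO_STORE_HEADERS = {"Cache-Control": "no-store", "Pragma": "no-cache"}

# Constructed sample store; the fields under "auth" are placeholders,
# not the real auth.json schema.
ACCOUNTS = {
    "acc_1": {"auth": {"token": "constructed-secret",
                       "last_refresh": "2026-04-15T00:00:00Z"}},
}


def export_account(method, account_id, audit_log, accounts=ACCOUNTS):
    """Hypothetical handler: returns (status, headers, body)."""
    request_id = str(uuid.uuid4())
    if method != "POST":
        # GET responses are cacheable by default, so the export refuses them.
        return 405, {"Allow": "POST", **NO_STORE_HEADERS}, ""
    account = accounts.get(account_id)
    if account is None:
        return 404, dict(NO_STORE_HEADERS), ""
    # The audit event records identifiers only, never the exported secret.
    audit_log.append({
        "action": "account_exported",
        "request_id": request_id,
        "account_id": account_id,
    })
    headers = {"Content-Type": "application/json", **NO_STORE_HEADERS}
    return 200, headers, json.dumps(account["auth"])


def cache_safe(headers):
    """True only if Cache-Control forbids storing the response at all."""
    value = headers.get("Cache-Control", "")
    directives = {d.strip().lower() for d in value.split(",")}
    return "no-store" in directives


if __name__ == "__main__":
    log = []
    status, headers, _ = export_account("POST", "acc_1", log)
    print(status, cache_safe(headers), log)
```

`cache_safe` rejects a response that sends only `no-cache`, since that directive still allows a cache to store the credential and merely requires revalidation before reuse.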