[AUTOMATION] fix: optimize auth login scope deduplication

[michiosw]

Summary
This optimizes auth login scope resolution by replacing repeated duplicate scans with one stable dedupe pass.

Before this, resolveLoginScopes in internal/auth/oidc.go checked every requested scope against the growing result slice, which repeated linear scans as the input list grew.

Now a single seen set is the canonical path:

for _, scope := range scopes {
    if _, ok := seen[scope]; ok {
        continue
    }
    seen[scope] = struct{}{}
    resolved = append(resolved, scope)
}

Why
This gives kontext-cli a cheaper runtime path for login scope selection:

login scope input
-> resolveLoginScopes
-> deduped ordered scope list

This PR does not broaden behavior beyond the optimization scope.

What changed
Optimized auth login scope deduplication
Removed repeated linear scope membership scans
Preserved scope order and default scope behavior
Updated tests for repeated custom scope inputs

Verification
go test ./internal/auth
go test ./internal/auth -run 'TestResolveLoginScopes'
go test ./internal/guard/judge -run TestStartLlamaServerEarlyExitDoesNotWaitForStopTimeout -count=3
go test ./...
go vet ./...
git diff --check

[michiosw]

• [AUTOMATION] fix: optimize auth login scope deduplication #285 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[greptile-apps]

Greptile Summary

This PR optimizes login scope deduplication in the OIDC auth flow. The main changes are:

• Replaces repeated linear scope scans with a single seen map.
• Preserves the base login scope selection and output order.
• Adds coverage for repeated custom login scopes.

Confidence Score: 5/5

This looks safe to merge.

• No blocking issues found in the changed code.

_{Reviews (1): Last reviewed commit: "fix: optimize auth login scope deduplica..." | Re-trigger Greptile}