D2 [CRIT]: auth status/token exit-code correctness (C2+C3+C4)

[espadonne]

Summary

Three CRIT findings from the C-audit's exit-code-correctness cluster — all in the auth command surface, all blocking CI scripts that gate on shithub auth status >/dev/null 2>&1.

• C2 — auth status with no hosts configured exited 0. Now errors auth: no hosts configured. Run 'shithub auth login' to add one.
• C3 — auth status --hostname X for an unconfigured X printed "no hosts configured" (false: there ARE hosts) and exited 0. Now errors auth: not logged into <X>.
• C4 — auth token emitted the bearer with no trailing newline; read TOKEN <<< $(shithub auth token) was visibly broken and the next prompt char butted up against the token bytes. Now ends in \n (gh-compat).

Test plan

• TestStatusEmptyHostsExitsNonZero — regression: no-hosts errors, names the login command.
• TestStatusUnknownHostnameExitsNonZero — regression: --hostname X for unknown X errors with not logged into X.
• TestTokenPrintsStoredValue — flipped assertion: token now ends with \n.
• All existing auth tests (status human/JSON/active, token missing-hint) still green.
• make ci green locally.

Notes

This is D2 from the D-audit campaign (.docs/sprints/D2-cli-auth-exit-codes.md). Two MIN findings from the same exit-code-correctness rule (C22 completion, C27 api -H) are intentionally out of scope here — they live in their own packages and will land separately.