Add auth login command using OAuth device flow

## Summary

Implement `lattice auth login` using the OAuth 2.0 device flow so the CLI can access Lattice app APIs with user identity.

## Details

The forkzero/auth service already provides:
- Device flow endpoints (`POST /api/v1/device/authorize`, `POST /api/v1/device/token`)
- Rust SDK with device flow support (`crates/forkzero-auth`)

### UX

```
$ lattice auth login
→ Visit https://id-dev.forkzero.com/device and enter code: ABCD-1234
→ Waiting for authorization... ✓
→ Logged in as george@forkzero.com
```

### Implementation

1. Add `lattice auth login` subcommand
2. Call device/authorize to get `user_code`, `device_code`, `verification_uri`
3. Display URL + code, optionally open browser
4. Poll device/token until approved (handle `authorization_pending`, `slow_down`, `expired_token`)
5. Cache token locally (e.g. `~/.lattice/credentials.json`) with refresh token
6. Add `lattice auth logout` to clear cached credentials
7. Add `lattice auth status` to show current auth state

### Dependencies

- forkzero/auth#10 — `lattice-app` client needs device_code grant type enabled

### Also needed (in this repo)

- **Token storage** — cache access/refresh token locally, auto-refresh on expiry
- **API key fallback** — check `LATTICE_API_KEY` env var before requiring OAuth login (for CI/automation)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add auth login command using OAuth device flow #5

Summary

Details

UX

Implementation

Dependencies

Also needed (in this repo)

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Add auth login command using OAuth device flow #5

Description

Summary

Details

UX

Implementation

Dependencies

Also needed (in this repo)

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions