feat: session auth + per-user/persona UI at /{user}/{persona}

Replaces nginx basic auth with a proper per-user session system:

- auth_utils.py: bcrypt password hashing, JWT cookie creation/decode
- auth_middleware.py: validates JWT cookie on all routes except /login,
  /health, /static/, and webhook endpoints (/channels/, /webhook/)
- routers/ui.py: GET /login, POST /login, POST /logout,
  GET /{username}/{persona} — serves index.html with CORTEX_CONFIG injected
- static/login.html: minimal login form (dark theme, matches UI)
- main.py: registers SessionAuthMiddleware + ui.router
- config.py: jwt_secret, jwt_expire_days settings
- manage_passwords.py: CLI tool to set/check/list user passwords
- app.js: reads window.CORTEX_CONFIG (user + persona), sends both on
  every /chat and /orchestrate request; persona name shown in header;
  logout button (⏏) added to header
- requirements.txt: bcrypt, PyJWT, python-multipart
- .env.default: JWT_SECRET, JWT_EXPIRE_DAYS documented
- tests: client fixture injects JWT cookie; security test assertions
  updated for URL-normalized path traversal paths (still secure, codes differ)

All 80 tests pass.

Setup for a new user:
  python manage_passwords.py set scott
  python manage_passwords.py set holly

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

cortex/auth_middleware.py

@@ -0,0 +1,51 @@
+"""
+Session auth middleware.
+
+Validates the JWT cookie on every request. Unprotected paths are explicitly
+listed in _PUBLIC. Webhook endpoints have their own auth (HMAC/JWT) so they
+are also excluded.
+
+Sets request.state.session_user to the authenticated username so downstream
+routers can enforce ownership without re-reading the cookie.
+"""
+
+import jwt
+from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.requests import Request
+from starlette.responses import RedirectResponse, JSONResponse
+
+from auth_utils import COOKIE_NAME, decode_token
+
+# Paths that don't require a session cookie
+_PUBLIC = {"/login", "/logout", "/health"}
+
+# Path prefixes that are server-to-server webhooks with their own auth
+_WEBHOOK_PREFIXES = ("/channels/", "/webhook/")
+
+
+class SessionAuthMiddleware(BaseHTTPMiddleware):
+    async def dispatch(self, request: Request, call_next):
+        path = request.url.path
+
+        # Always allow public paths and webhooks
+        if path in _PUBLIC or path.startswith(_WEBHOOK_PREFIXES):
+            return await call_next(request)
+
+        # Allow static assets without a cookie
+        if path.startswith("/static/"):
+            return await call_next(request)
+
+        # Validate session cookie
+        token = request.cookies.get(COOKIE_NAME)
+        if token:
+            try:
+                request.state.session_user = decode_token(token)
+                return await call_next(request)
+            except jwt.InvalidTokenError:
+                pass
+
+        # No valid session — redirect browser requests, 401 for API/JSON
+        accept = request.headers.get("accept", "")
+        if "text/html" in accept:
+            return RedirectResponse("/login", status_code=302)
+        return JSONResponse({"detail": "Not authenticated"}, status_code=401)