feat(v3-auth): modernize hosted file access with simplified bypass pattern

- Roll out platform-wide standard for unauthenticated binary access using '?key=[account_id]' query parameter.
- Update API helpers (get, post, patch) to recognize 'key' bypass and strip account context headers accordingly.
- Refactor IDAA Bulletin Board to restore inline image rendering and edit-mode previews.
- Modernize Events Launcher (Layout, Sync, Session View) to use V3 Action URLs with verified auth.
- Update HTML generators in 'ae_utils.ts' to support the new authenticated URL structure.
- Harden 'ae_comp__event_file_obj_tbl' CSV export and clipboard links with V3 standard patterns.

src/routes/events/[event_id]/(launcher)/launcher/+layout.svelte

@@ -220,11 +220,14 @@
                 let obj_id = obj_parts[1];
                 let obj_filename = cmd_parts[2];
 
-                api.download_hosted_file({
+                api.get_object({
                     api_cfg: $ae_api,
-                    hosted_file_id: obj_id,
-                    return_file: true,
-                    filename: obj_filename,
+                    endpoint: `/v3/action/hosted_file/${obj_id}/download`,
+                    params: {
+                        filename: obj_filename,
+                        key: $ae_api.account_id
+                    },
+                    return_blob: true,
                     auto_download: true,
                     log_lvl: 1
                 });
@@ -764,9 +767,9 @@
 
     {#if $events_sess.launcher.modal__open_event_file_id}
         <img
-            src="{$ae_api.base_url}/event/file/{$events_sess.launcher
+            src="{$ae_api.base_url}/v3/action/event_file/{$events_sess.launcher
                 .modal__open_event_file_id}/download?filename={$events_slct.event_file_obj
-                .filename}&x_no_account_id_token=direct-download"
+                .filename}&key={$ae_api.account_id}"
             alt="Poster"
             class="min-h-28 min-w-md max-h-full max-w-full"
         />