fix(auth): ensure endpoint-mode login after server list refresh + add regression test (#728)

[ljluestc]

This PR fixes and tests endpoint/address-mode authentication.

Problem (#728): In endpoint mode, login could return false if the discovered serverList was not present at login time, causing 403 on instance registration.

Changes:

• fix(nacos_server): Trigger security login immediately after endpoint server list updates (in refreshServerSrvIfNeed) to ensure access token is acquired promptly.
• test(nacos_server): Add regression test (TestEndpointMode_LoginAndInjectToken) that:
  • Mocks address server discovery to return a server node.
  • Verifies login hits /v1/auth/users/login on the discovered node.
  • Verifies accessToken is injected into subsequent naming requests.

Why this is safe:

• Login is idempotent; called after unlocking to avoid holding locks during network I/O.
• Only affects endpoint/address mode when the list changes.

How to verify:

• GOTOOLCHAIN=go1.21.5 go test ./common/nacos_server -run TestEndpointMode_LoginAndInjectToken -v
• Or: GOTOOLCHAIN=go1.21.5 go test ./... -v

Fixes #728

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}