feat: support web auth transport cookies and versionless access [WPB-23964]

[Garzas]

https://wearezeta.atlassian.net/browse/WPB-23964

---

PR Submission Checklist for internal contributors

• The PR Title

  • conforms to the style of semantic commits messages¹ supported in Wire's Github Workflow²
  • contains a reference JIRA issue number like SQPIT-764
  • answers the question: If merged, this PR will: ... ³

• The PR Description

  • is free of optional paragraphs and you have filled the relevant parts to the best of your ability

---

What's new in this PR?

Issues

• Web auth transport was not fully aligned with browser cookie handling.
• The access-token refresh flow was going through the default API versioning path, even though the correct browser contract is the versionless /access endpoint.

Causes (Optional)

• Kalium applies /v{commonApiVersion}/ automatically to most REST requests.
• That is correct for regular API endpoints, but not for the browser refresh/access-token flow.
• Cookie handling also differs between browser and native clients, so the existing inline refresh-cookie logic was too rigid for web.

Solutions

• Added a small platform-specific auth helper layer for browser credentials and refresh-cookie handling.
• Introduced a JS implementation for browser-managed cookie behavior, while keeping native platforms aligned with the previous manual cookie flow.
• Added an explicit way to skip API version prefixing for special-case endpoints.
• Updated the access-token refresh flow to use the correct versionless /access path.
• Switched the affected auth-related requests to the new helpers for more consistent web-compatible behavior.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

Test Results

0 tests   - 4 718   0 ✅  - 4 601   0s ⏱️ - 2m 45s
0 suites  -   779   0 💤  -   117 
0 files    -   779   0 ❌ ±    0 

Results for commit 33788a0. ± Comparison against base commit 55fa770.

♻️ This comment has been updated with latest results.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 46.42857% with 15 lines in your changes missing coverage. Please review.
✅ Project coverage is 59.61%. Comparing base (55fa770) to head (33788a0).

Files with missing lines	Patch %	Lines
...m/network/api/v0/authenticated/AccessTokenApiV0.kt	0.00%	3 Missing ⚠️
...um/network/api/v0/unauthenticated/RegisterApiV0.kt	0.00%	3 Missing ⚠️
...m/network/api/v3/authenticated/AccessTokenApiV3.kt	0.00%	3 Missing ⚠️
...om/wire/kalium/network/utils/WireDefaultRequest.kt	50.00%	1 Missing and 2 partials ⚠️
...kalium/network/api/v0/authenticated/LogoutApiV0.kt	33.33%	2 Missing ⚠️
...alium/network/api/v0/unauthenticated/LoginApiV0.kt	50.00%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #4009      +/-   ##
===========================================
- Coverage    59.61%   59.61%   -0.01%     
===========================================
  Files         2026     2027       +1     
  Lines        65513    65528      +15     
  Branches      7147     7148       +1     
===========================================
+ Hits         39055    39062       +7     
- Misses       23261    23267       +6     
- Partials      3197     3199       +2     

Files with missing lines	Coverage Δ
...re/kalium/network/auth/WebAuth.commonJvmAndroid.kt	100.00% <100.00%> (ø)
...e/kalium/network/api/v0/authenticated/SelfApiV0.kt	64.28% <100.00%> (ø)
...um/network/api/v0/unauthenticated/SSOLoginApiV0.kt	86.36% <100.00%> (ø)
.../network/api/v9/authenticated/NotificationApiV9.kt	21.56% <100.00%> (+1.56%)	⬆️
...alium/network/api/v0/unauthenticated/LoginApiV0.kt	79.48% <50.00%> (+0.53%)	⬆️
...kalium/network/api/v0/authenticated/LogoutApiV0.kt	42.10% <33.33%> (-4.96%)	⬇️
...m/network/api/v0/authenticated/AccessTokenApiV0.kt	6.25% <0.00%> (-0.42%)	⬇️
...um/network/api/v0/unauthenticated/RegisterApiV0.kt	0.00% <0.00%> (ø)
...m/network/api/v3/authenticated/AccessTokenApiV3.kt	0.00% <0.00%> (ø)
...om/wire/kalium/network/utils/WireDefaultRequest.kt	80.00% <50.00%> (-20.00%)	⬇️

... and 2 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 55fa770...33788a0. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

Bencher Report

Branch	kubaz/feat/web-auth-transport
Testbed	ubuntu-latest

⚠️ WARNING: No Threshold found!

Without a Threshold, no Alerts will ever be generated.

• Latency (nanoseconds (ns))

Click here to create a new Threshold
For more information, see the Threshold documentation.
To only post results if a Threshold exists, set the --ci-only-thresholds flag.

Click to view all benchmark results

Benchmark	Latency	microseconds (µs)
com.wire.kalium.benchmarks.logic.CoreLogicBenchmark.createObjectInFiles	📈 view plot ⚠️ NO THRESHOLD	933.47 µs
com.wire.kalium.benchmarks.logic.CoreLogicBenchmark.createObjectInMemory	📈 view plot ⚠️ NO THRESHOLD	420,297.43 µs
com.wire.kalium.benchmarks.persistence.MessageReadBenchmark.inboxPagingDeepPageBenchmark	📈 view plot ⚠️ NO THRESHOLD	133,349.82 µs
com.wire.kalium.benchmarks.persistence.MessageReadBenchmark.inboxPagingFirstPageBenchmark	📈 view plot ⚠️ NO THRESHOLD	130,436.16 µs
com.wire.kalium.benchmarks.persistence.MessageReadBenchmark.localMarkAsReadBenchmark	📈 view plot ⚠️ NO THRESHOLD	3,596.36 µs
com.wire.kalium.benchmarks.persistence.MessageReadBenchmark.messagePagingDeepPageBenchmark	📈 view plot ⚠️ NO THRESHOLD	27,842.18 µs
com.wire.kalium.benchmarks.persistence.MessageReadBenchmark.messagePagingFirstPageBenchmark	📈 view plot ⚠️ NO THRESHOLD	11,803.39 µs
com.wire.kalium.benchmarks.persistence.MessagesNoPragmaTuneBenchmark.messageInsertionBenchmark	📈 view plot ⚠️ NO THRESHOLD	1,374,989.80 µs
com.wire.kalium.benchmarks.persistence.MessagesNoPragmaTuneBenchmark.queryMessagesBenchmark	📈 view plot ⚠️ NO THRESHOLD	21,678.82 µs

🐰 View full continuous benchmarking report in Bencher