Add Authentik sign-in, fix tab scroll insets, and polish multi-account auth.

Mobile app detects SSO per server, supports OAuth sign-in, and preserves saved
sessions when adding accounts. Tab screens get proper chrome layout and tab-bar
clearance with scrollable page headers.

Co-authored-by: Cursor <cursoragent@cursor.com>

lib/complete-sign-in.ts

@@ -0,0 +1,34 @@
+import type { createAuthClient } from "better-auth/react";
+
+import { finalizeAuthenticatedAccount } from "@/lib/auth-storage";
+
+type AuthClient = ReturnType<typeof createAuthClient>;
+
+export async function completeSignInAfterAuth(
+  authClient: AuthClient,
+  input: {
+    apiUrl: string;
+    activeAccountId: string | null;
+    registerAccount: (account: {
+      instanceUrl: string;
+      userId: string;
+      email: string;
+      name: string;
+    }) => Promise<unknown>;
+  },
+): Promise<boolean> {
+  const session = await authClient.getSession();
+  const user = session.data?.user;
+  if (!user) return false;
+
+  await finalizeAuthenticatedAccount({
+    apiUrl: input.apiUrl,
+    userId: user.id,
+    email: user.email,
+    name: user.name,
+    activeAccountId: input.activeAccountId,
+    registerAccount: input.registerAccount,
+  });
+
+  return true;
+}