Update AuthSDK with new AuthSessionManager SDK

[arch1995]

Motivation and Context

Jira Link: https://consensyssoftware.atlassian.net/browse/W3APD-5382

Description

• Use the new authorization apis for tokens & sessions in Auth SDK
• Use new AuthSessionManager SDK from @toruslabs/session-manager-web.

How has this been tested?

Devrels tested this.

Screenshots (if appropriate):

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

• My code follows the code style of this project. (run lint)
• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have added tests to cover my changes.
• All new and existing tests passed.
• My code requires a db migration.

---

Note

Medium Risk
Touches core login/session/token handling and introduces a new iframe login path, so regressions could affect authentication flows across redirect/popup/iframe modes.

Overview
Updates the Auth SDK to rely on the new authorization APIs for session/token lifecycle: redirect results now hydrate the session via AuthSessionManager.setTokens() and ongoing state is derived from authorize()/rehydration rather than ad-hoc storage.

Adds an iframe-based login mode (SDK_MODE.IFRAME) backed by the new AuthProvider, which embeds the Auth service /frame and completes login via postMessage events (LOGIN_INITIATED/LOGIN_SUCCESS/etc.) with explicit cleanup.

Modernizes popup flows by switching to SecurePubSub-based session result delivery (configurable storageServerUrl/sessionSocketUrl) and adjusts the Vue example to use the updated Auth APIs/options (MFA settings, wallet key, curve selection, include-user-data-in-token).

^{Written by Cursor Bugbot for commit 1f06d67. This will update automatically on new commits. Configure here.}