Summary

Closes #19. Removes the “where do I even get a PAT?” friction from `anvil auth login`.

Before: prompts for a PAT with no guidance. Users have to know that PATs live at `/users/settings/tokens` (which only exists after `fangorn/anvil#211` lands), navigate to it, create a token, copy, paste.

After: after the URL prompt, prints the create-token URL and tries to open it in the default browser via `open` / `xdg-open` / `cmd /C start`. Browser-open failure is non-fatal — the URL is already printed and the prompt proceeds either way.

`–no-browser` flag for headless boxes / scripted setups.

Example

``` $ anvil auth login Anvil server URL (https://anvil.fangorn.io): · Create a token at: https://anvil.fangorn.io/users/settings/tokens · Opened the create-token page in your browser. Paste the token here: ******** ✓ Logged in to https://anvil.fangorn.io ```

What’s next

This is the interim fix while the larger OAuth device-flow work is built (CLI: #18, server: `fangorn/anvil#212`). Device flow eventually replaces this entirely — CLI gets a code, opens browser, polls for token, no copy-paste.

Test plan

• `cargo test` — 32/32 pass (4 new tests covering URL helper + flag parsing)
• `cargo clippy –all-targets – -D warnings` clean
• `cargo fmt` clean
• `anvil auth login –help` shows the new `–no-browser` flag

Depends on

`fangorn/anvil#211` (PAT management UI) — without that landing, opening the URL leads to a 404. Tracked separately.

Closes #19