
Fix CLI OAuth login cookie cleanup#1606

Merged
ChiragAgg5k merged 1 commit into
mainfrom
fix/cli-oauth-cookie-cleanup
Jun 23, 2026

Conversation

@ChiragAgg5k

Member

What does this PR do?

Fixes CLI OAuth device login so the newly created token-based session removes any legacy cookie value from the active CLI configuration.

Previously, appwrite login --new could report that legacy cookie session data was removed while the new account entry still retained a stale cookie field written during account verification.

Test Plan

  • php example.php cli
  • composer refactor:check
  • composer lint-twig

Related Issue

#XXXX

@ChiragAgg5k ChiragAgg5k force-pushed the fix/cli-oauth-cookie-cleanup branch from e410df6 to e74b256 on June 23, 2026 11:57
@ChiragAgg5k ChiragAgg5k merged commit 0a9d38b into main Jun 23, 2026
1 check was pending
@ChiragAgg5k ChiragAgg5k deleted the fix/cli-oauth-cookie-cleanup branch June 23, 2026 11:57
@greptile-apps

greptile-apps Bot commented Jun 23, 2026

Contributor

Greptile Summary

This PR updates CLI OAuth login cleanup for legacy cookie sessions. The main changes are:

  • Adds a removeCookie() helper on global CLI config.
  • Removes the active session cookie after OAuth account verification.
  • Keeps legacy session removal reporting in the OAuth login flow.

Confidence Score: 4/5

The change is narrowly scoped, but the cookie cleanup ordering can still leave stale cookie data on the active token session.

The modified OAuth login path and config helper are straightforward, and the remaining issue is localized to the ordering of cleanup operations.

templates/cli/lib/auth/login.ts

T-Rex Logs

What T-Rex did

  • Ran a focused Node harness that models login cleanup ordering, removes the active OAuth session cookie, and then invokes legacy session cleanup.
  • The harness simulated the legacy ClientLegacy.call response and persisted an a_session_console Set-Cookie to the currently active OAuth session.
  • The final assertion failed because the active token session reacquired the cookie as a_session_console=regressed_stale_cookie after removeLegacySessionsExcept completed.

Ran code and verified through T-Rex

Reviews (1): Last reviewed commit: "Fix CLI OAuth login cookie cleanup"

Comment on lines +419 to 422
globalConfig.removeCookie();

const { removed: removedLegacySessions, failed: failedLegacySessions } =
await removeLegacySessionsExcept(id);


P1 Cookie cleanup can regress

removeCookie() runs before removeLegacySessionsExcept(id), but legacy session revocation uses ClientLegacy.call(), which persists any a_session_console= Set-Cookie response back to the active global config. Since the new OAuth session is current during that cleanup, a logout response that expires or updates the legacy cookie can write a cookie field onto the new token session after it was removed. In that case login --new can still finish with stale cookie data in the newly created session.

Suggested change (current lines first, then the proposed replacement):

Current:
globalConfig.removeCookie();
const { removed: removedLegacySessions, failed: failedLegacySessions } =
await removeLegacySessionsExcept(id);

Suggested:
const { removed: removedLegacySessions, failed: failedLegacySessions } =
await removeLegacySessionsExcept(id);
globalConfig.removeCookie();
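An added TypeScript model of the ordering problem described in the review above, not code from Appwrite or from the PR; the config API shape, the session names and the Set-Cookie write-back in the simulated legacy client are assumptions. It runs `login --new` with both orderings and reports which cookie is left on the new token session.

```typescript
// Added model of the cleanup ordering the review describes; not Appwrite's code.
// Assumed: the config stores sessions by id with an optional cookie field, and
// the legacy client persists any a_session_console Set-Cookie to the active session.
type Session = { id: string; token?: string; cookie?: string };
class GlobalConfig {
  sessions = new Map<string, Session>();
  current = "";
  setCookie(cookie: string): void {
    const s = this.sessions.get(this.current);
    if (s) s.cookie = cookie;
  }
  removeCookie(): void {
    const s = this.sessions.get(this.current);
    if (s) delete s.cookie;
  }
  cookie(): string | undefined { return this.sessions.get(this.current)?.cookie; }
}

// Simulated ClientLegacy.call: the logout response carries an expiring
// a_session_console Set-Cookie, which is written back to whichever session is current.
function legacyCall(cfg: GlobalConfig, _path: string): void {
  const setCookie = "a_session_console=regressed_stale_cookie; Max-Age=0"; // constructed
  cfg.setCookie(setCookie.split(";")[0]);
}

// Revokes every cookie-based (legacy) session except `keep`; returns the count removed.
function removeLegacySessionsExcept(cfg: GlobalConfig, keep: string): number {
  let removed = 0;
  for (const s of Array.from(cfg.sessions.values())) {
    if (s.id === keep || !s.cookie) continue;
    legacyCall(cfg, `/account/sessions/${s.id}`);
    cfg.sessions.delete(s.id);
    removed++;
  }
  return removed;
}

// Models `login --new`; returns the cookie left on the new token session (undefined = clean).
function loginNew(removeCookieFirst: boolean): string | undefined {
  const cfg = new GlobalConfig();
  cfg.sessions.set("legacy", { id: "legacy", cookie: "a_session_console=old" }); // constructed
  cfg.sessions.set("oauth", { id: "oauth", token: "constructed-token" });
  cfg.current = "oauth";
  cfg.setCookie("a_session_console=from_verification"); // stale field left by verification
  if (removeCookieFirst) cfg.removeCookie();            // ordering as merged
  removeLegacySessionsExcept(cfg, "oauth");
  if (!removeCookieFirst) cfg.removeCookie();           // ordering the review suggests
  return cfg.cookie();
}
```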
