feat(server): add AuthCookiePlugin for grafserv response interception

- Implement grafserv middleware plugin to set/clear auth cookies
- Intercept signIn/signUp/SSO/MFA mutations to set session cookie
- Intercept signOut/revokeSession to clear cookies
- Handle device token cookies for trusted device tracking
- Parse grafserv BufferResult and inject Set-Cookie headers
- Support both camelCase and snake_case token fields
- Support nested result objects

Includes comprehensive tests:
- Auth failure scenarios (errors, null data, invalid token types)
- Cookie clearing completeness (session + device token)
- Environment-based security attributes
- Grafserv Buffer parsing and header merging

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: theothersideofgod