Fix birthdate updates for OAuth users via gatekeeper

OAuth sessions lack full-access scope, so the PDS blocks reading and
writing personalDetailsPref. Route Blacksky PDS OAuth users through the
gatekeeper which creates a full-access internal session.

The dialog now asks for the account password first, fetches preferences
with full access via /gate/get-preferences (new endpoint), shows the
actual birthdate, and saves via /gate/put-preferences. Non-Blacksky PDS
OAuth users are redirected to their PDS account page. App passwords are
detected and rejected with a clear error message.

Author: rudyfraser