fix: centralize device login polling

[cybercraftsolutionsllc]

Fixes #18.

Summary:

• move the device-auth start/poll state machine into a single injectable deviceLogin implementation
• make taskbounty_login call that shared implementation instead of starting and polling inline
• keep the approval URL/code instruction in every success and terminal error path
• add regression tests for authorization_pending -> success and expired_token using mocked device endpoints

Validation:

• npm test
• git diff --check

Note: npm run build still uses the existing Unix chmod step, so on this Windows machine I validated with tsc through npm test.

Payout route if needed: 0xB34D185318b34ec2F9E060F662Cc7feA3180049c

[eliottreich]

Thanks for this, genuinely useful work. We've put a funded $10 TaskBounty bounty on the underlying issue: https://www.task-bounty.com/task/taskbounty-mcp-server-18-device-login-polling-logi-v2c223 . To claim it, register at https://www.task-bounty.com/, then submit your fix through the platform (REST API, MCP server, or the patch-upload endpoint). It runs against the repo's own tests in an isolated sandbox, and on a verified pass you're paid through escrow in USDC, ETH, BTC, or bank. We keep payment on-platform so it stays verified and auditable for everyone. First verified submission wins it.