fix(e2e): fix WebAuthn and integration test failures

- Use localhost instead of 127.0.0.1 as TARGET_URL so the WebAuthn RP ID
  is a valid domain (the spec forbids IP addresses)
- Replace request.post('/logout') with page.context().clearCookies() since
  Playwright's request fixture has a separate cookie jar from the page
- Add registerPasskey() helper that waits for 'load' event to reliably
  detect the page reload after successful registration
- Track credential count with getCredentialCount() since credentials
  accumulate across serial tests sharing the same database
- Fix login.spec.js selector from #webauthn-login-form to #webauthn-login-btn
  to match the actual template

All 57 E2E tests now pass (50 migrated + 7 WebAuthn).

tests/e2e/login.spec.js

@@ -86,8 +86,8 @@ test.describe('Login page', () => {
       await expect(page.locator('form[hx-post="/login/password"] button[type="submit"]')).toBeVisible();
     });
 
-    test('WebAuthn login form exists', async ({ page }) => {
-      await expect(page.locator('#webauthn-login-form')).toHaveCount(1);
+    test('WebAuthn login button exists', async ({ page }) => {
+      await expect(page.locator('#webauthn-login-btn')).toHaveCount(1);
     });
   });