ponymail-mcp: opt-in Chrome auto-extract for login + smarter paste form

Adds an opt-in PONYMAIL_AUTO_EXTRACT_COOKIE=1 path that reads the ponymail
cookie out of the local Chrome cookie DB (decrypting via macOS Keychain),
so users don't have to paste from DevTools every session. Strictly opt-in,
prints a loud startup warning when active, requires additional sandboxing
(e.g. Apache Magpie) per the README and in-page warning because it grants
the MCP process broad Chrome cookie / Keychain access.

When auto-extract isn't available, the paste form is improved: smart
server-side extraction (any paste shape), live /preview validation as the
user types, Submit gated on success, clearer DevTools instructions (filter
on `preferences.lua`, with an accurate "why some rows lack the cookie"
note covering analytics / tracking pixels).

Firefox and Safari extraction was evaluated and removed — Firefox Bounce
Tracking Protection (109+) and Safari ITP hold OAuth-derived session
cookies in memory only and never persist them to the on-disk cookie store.

43/43 tests pass.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>