Add QR code login

[clins1994]

Fixes #94

Summary

This PR adds LINE QR code login as a new login flow while keeping the existing email/password flow intact.

Although the user-facing change is simple (scan QR), implementation touches multiple layers because LINE’s QR login uses a different protocol path with long-poll state transitions and E2EE login key bootstrap.

Why this is larger than it looks

QR login is not a variant of email login. It requires:

1. Different LINE endpoints/services (SecondaryQrCodeLoginService + permit-notice long polling)
2. Multi-step async login state machine (session -> QR -> scan wait -> certificate check -> optional PIN -> finalize)
3. E2EE secret/public key injection into QR callback URL for keychain unwrap
4. Request plumbing for QR-specific headers/timeouts (X-Line-Session-ID, X-LST, context-aware long polling)

What changed (by area)

1) Connector login flow wiring

• Added two explicit flows:
  • QR Code (recommended/default)
  • Email and Password (existing fallback)
• New LineQRLogin process implementing display-and-wait behavior
• Reuses shared login finalization path for both email + QR

Files:

• pkg/connector/connector.go

2) LINE QR protocol client

• Added QR RPC methods:
  • CreateQRSession
  • CreateQRCode
  • CheckQRCodeVerified(Context)
  • VerifyCertificate
  • CreatePinCode
  • CheckPinCodeVerified(Context)
  • QRCodeLoginV2
• Added QR response model(s)

Files:

• pkg/line/methods.go
• pkg/line/structs.go

3) Transport updates for QR long-polling

• Extended HMAC POST path with optional options:
  • include/omit x-line-application
  • X-Line-Session-ID
  • X-LST
  • context-aware request
• Timeout handling for long-poll requests

File:

• pkg/line/client.go

4) E2EE QR bootstrap support

• Appends login pubkey + e2ee version to callback URL before rendering QR
• Exposes base64 public key from secret generation

Files:

• pkg/line/qr.go (new)
• pkg/line/secret/secret.go
• pkg/runner.go

5) Docs

• README now explains QR flow, PIN fallback, and email-flow caveat

File:

• README.md

Login flow behavior

1. User selects QR login
2. Bridge creates QR session + QR code
3. Bridge adds E2EE secret/public key to callback URL and displays QR
4. Bridge waits for mobile scan confirmation
5. Bridge tries certificate verification:
   • success: complete login directly
   • failure: create/display PIN and wait for PIN verification
6. Bridge completes qrCodeLoginV2 and stores login metadata

Follow-up commits in this PR

• 33eab2c: QR login token recovery fixes
• 54a2f91: QR login key-handling hardening
• 2f0207c: stale OBS token recovery fix (small isolated bugfix)

Reviewer guide

Recommended review order:

1. pkg/line/methods.go + pkg/line/client.go (protocol + transport)
2. pkg/connector/connector.go (bridge login state machine)
3. E2EE glue (pkg/line/qr.go, pkg/line/secret/secret.go, pkg/runner.go)
4. README

[highesttt]

1. Connect() bootstrap change: when access token is empty, this used to call tryLogin directly; now it calls recoverToken which tries refresh first. For a brand-new login where there's no refresh token yet, that should be a no-op extra call, but did you verify first-time login on a fresh account still works?

2. Panic recovery wrapping E2EEChannelDecryptV1/V2 can you please Log.Error() the recovered panic? Right now recoverLTSMBytes swallows the stack and returns it as a plain error.