fix: persist web login session and correct 403 error classification

- Switch WKWebView to .default() data store so sessions survive
  between popup opens
- Remove data clearing from cleanup() as sessions should persist
- In fetchOrganizations 403: detect HTML response as Cloudflare
  block vs JSON response as auth failure
- In fetchMainUsage 403: return unauthorized since HTML body is
  already handled earlier in the request flow