server: boot with deferred (credential-less) provider for in-TUI onboarding

The fresh-install path now keeps onboarding entirely in the TUI, but the
spawned server previously refused to start without credentials. Allow the
TUI-spawned server to boot a credential-less MultiProvider when nothing is
configured yet (gated by JCODE_DEFERRED_AUTH_BOOTSTRAP, set in spawn_server).
The in-TUI /login flow then activates a provider through the existing
auth-changed path (MultiProvider::on_auth_changed hot-initializes the newly
logged-in provider), so no server restart is needed.

Genuinely headless callers (jcode run, validation) still fail loudly with
'No credentials configured' since they do not set the opt-in env var.