auth: issue RS256 session cookies when OIDC key is configured

Login endpoint switches from HS256 JWT to RS256 id_token (aud="bincio",
30-day TTL) when oidc_private_key_pem is set. Existing HS256 sessions
remain valid on bincio-activity until they naturally expire.

bincio/auth/routers/auth.py

@@ -40,7 +40,10 @@ async def login(body: LoginRequest, request: Request) -> JSONResponse:
     if not user:
         raise HTTPException(401, "Invalid credentials")
 
-    token = deps._issue_jwt(user)
+    if deps.oidc_private_key_pem:
+        token = deps._issue_id_token(user, client_id="bincio", ttl=deps._JWT_TTL)
+    else:
+        token = deps._issue_jwt(user)
     resp = JSONResponse({
         "ok": True,
         "handle": user.handle,