fix: recover auth from masterKeySig in URL fallback path

[Kahtaf]

Summary

When a user opens a vana://connect?...&masterKeySig=0x... deep link, the data export flow completes but clicking "Allow" on the grant page fails with "Not signed in". The masterKeySig is cryptographically sufficient to derive the wallet address (via recoverAddress), so the user should be authenticated without any extra sign-in step.

Root cause

useDeepLink has two code paths:

1. Native Tauri path — calls handleGrantParams which runs recoverAddress → dispatches setAuthenticated. Works correctly.
2. Fallback URL-param path — fires when grant params are already in location.search (page reload, dev mode, re-mount). This path only called setDeepLinkParams and navigate — it never called recoverAddress or setAuthenticated. Auth state was silently lost.

The error surfaced in use-grant-flow.ts where handleApprove checks !isAuthenticated || !walletAddress and bails.

Fix

Added the same recoverAddress + setAuthenticated recovery logic to the fallback effect in use-deep-link.ts. When params.masterKeySignature is present in URL params, the fallback path now derives the wallet address and populates Redux auth state. The dispatch is idempotent — if auth is already set from the native path, re-dispatching with the same values is a no-op.

Validation

• Added test: "recovers auth from masterKeySig in URL params (fallback path)" — renders the hook with masterKeySig in URL params (no Tauri plugin trigger), asserts recoverAddress is called and setAuthenticated is dispatched
• All 247 tests pass
• tsc -b clean (no type errors)