feat(portal): plain no-token "open" links for dev feedback (PORTAL_OPEN_LINKS)

Adds a frictionless shareable link so anyone can open a project's client portal
during dev without minting/copying a magic token. GET /portal/open/{project_id}
(gated by PORTAL_OPEN_LINKS) provisions the client session and lands on /portal;
lives under /portal so it works through a proxy exposing only /portal/*.

The project page's "Copy client link" modal now leads with this Quick share link
(amber, host taken from window.location.origin so it always matches the host you
copied it from — no more LAN-vs-public foot-gun). The token-based generate/list/
revoke stays below for the eventual secure path.

PORTAL_OPEN_LINKS defaults ON for the prototype (whole app is open anyway) and logs
a warning; set =false before real clients. The get_current_client seam is
untouched, so M4 auth still layers in front of the same routes regardless.

Verified: compiles, share script balances, detail.html parses, flag default
on / =false off.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

backend/portal_auth.py

@@ -40,6 +40,15 @@ if SECRET_KEY == "dev-insecure-change-me":
 COOKIE_NAME = "portal_session"
 COOKIE_MAX_AGE = 60 * 60 * 24 * 30  # 30 days
 
+# Dev convenience: plain, no-token portal links (/portal/open/{project_id}) so
+# anyone can open a client portal for feedback without minting a magic link.
+# Defaults ON for the current prototype (the whole app is open anyway); set
+# PORTAL_OPEN_LINKS=false before real clients are on the portal.
+PORTAL_OPEN_LINKS = os.getenv("PORTAL_OPEN_LINKS", "true").lower() in ("1", "true", "yes")
+if PORTAL_OPEN_LINKS:
+    logger.warning("[PORTAL] open links ENABLED — no-token /portal/open/* shareable links. "
+                   "Set PORTAL_OPEN_LINKS=false before real clients.")
+
 
 class PortalAuthError(Exception):
     """Raised by get_current_client when there's no valid portal session.