Support dynamic login_hint and domain_hint registration via mock API

[dickhardt]

Problem

Mockin's loginHints and domainHints maps are built at startup from 5 hardcoded users. When login_hint or domain_hint is passed for a user not in that static list, Mockin rejects the request with invalid_request.

This forces consumers (e.g., Lifecycle's HelloOIDCClient) to add an isMockServer guard that skips sending login_hint/domain_hint entirely in mock mode — which means that code path is never tested in E2E tests.

Proposed Solution

Add mock API endpoints to dynamically register login hints and domain hints:

• PUT /mock/claims should also register the user's email as a valid login_hint and the email domain as a valid domain_hint
• Alternatively, add dedicated endpoints like PUT /mock/login-hints and PUT /mock/domain-hints
• DELETE /mock (reset) should clear dynamically registered hints

This would allow Playwright E2E tests that use setHelloMockUser() to also have working login_hint resolution, and consumers could remove the isMockServer guard.

Context

• Lifecycle HelloOIDCClient.ts has an isMockServer guard that skips login_hint/domain_hint in mock mode
• Lifecycle Playwright tests use dynamic test emails like admin@testorg.com that aren't in Mockin's hardcoded user list
• See: hellocoop/Lifecycle#122