v2.0.5 - Security Fix: Back-Button Bypass

@leonardomarino leonardomarino released this 29 Jan 13:43

⚠️ Security Release

All users should upgrade immediately.

Vulnerability

A critical authentication bypass allowed users to skip Duo two-factor authentication by pressing the browser back button after being redirected to Duo.

Attack flow:

  1. User logs in with username/password ✓
  2. Plugin redirects to Duo for 2FA
  3. User presses browser back button without completing Duo
  4. User gains access to mailbox — 2FA bypassed

Fix

Added a startup hook that runs on every request and verifies that Duo authentication was completed for the current session. A session that passed the password check but never finished Duo is now logged out immediately instead of being served.
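The following is an added example, not the plugin's own code, that models both the attack flow above and the fix in a small in-memory request dispatcher. Route names (`login`, `duo_redirect`, `duo_callback`, `mailbox`), the session field `duo_state`, the credential check and the `VALID_DUO_RESPONSE` token are all constructed for illustration. The point it demonstrates is the one in the release note: a per-action check is not enough once the password stage sets a "logged in" marker; a hook that runs before every request must treat a pending second factor as not authenticated.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Session:
    """Server-side session. `duo_state` is a hypothetical field tracking the second factor."""
    user: Optional[str] = None   # set once username/password were verified
    duo_state: str = "none"      # "none" -> "pending" (sent to Duo) -> "verified"


# Routes a half-authenticated session may still reach (hypothetical names).
ALLOWED_WHILE_PENDING = {"login", "duo_redirect", "duo_callback", "logout"}

# Constructed stand-in for a valid signed response returned by Duo.
VALID_DUO_RESPONSE = "duo-response-ok"


def logout(session: Session) -> None:
    session.user = None
    session.duo_state = "none"


def password_login(session: Session, user: str, password: str) -> str:
    """First factor. On success the session is only half authenticated."""
    if password != "correct-horse":          # constructed credential check
        return "401 login"
    session.user = user
    session.duo_state = "pending"
    return "302 duo_redirect"


def duo_callback(session: Session, duo_response: str) -> str:
    """Second factor. Only a valid Duo response moves the session to 'verified'."""
    if session.user is None or duo_response != VALID_DUO_RESPONSE:
        logout(session)
        return "302 login"
    session.duo_state = "verified"
    return "302 mailbox"


def dispatch(session: Session, route: str, **params) -> str:
    """Action handlers shared by the vulnerable and fixed dispatchers."""
    if route == "login":
        return password_login(session, params.get("user", ""), params.get("password", ""))
    if route == "duo_callback":
        return duo_callback(session, params.get("duo_response", ""))
    if route == "logout":
        logout(session)
        return "302 login"
    if session.user is None:
        return "302 login"
    return f"200 {route}"                    # e.g. the mailbox is served


def handle_vulnerable(session: Session, route: str, **params) -> str:
    """'Before': nothing re-checks the second factor; actions only ask whether session.user is set."""
    return dispatch(session, route, **params)


def startup_hook(session: Session, route: str) -> Optional[str]:
    """Runs before every action. Returns a redirect target, or None to let the action proceed."""
    if session.user is None or session.duo_state == "verified":
        return None
    if route in ALLOWED_WHILE_PENDING:
        return None
    logout(session)                          # password passed but Duo never finished
    return "302 login"


def handle_fixed(session: Session, route: str, **params) -> str:
    """'After': the startup hook gates every request before the action runs."""
    redirect = startup_hook(session, route)
    if redirect is not None:
        return redirect
    return dispatch(session, route, **params)


def back_button_flow(handler):
    """Reproduce the reported sequence: password login, redirect to Duo, then a direct request
    for the mailbox (what the browser back button does) without ever reaching duo_callback."""
    s = Session()
    handler(s, "login", user="alice", password="correct-horse")   # steps 1 and 2
    result = handler(s, "mailbox")                                  # steps 3 and 4
    return result, s


def completed_flow(handler) -> str:
    """Control case: the user finishes Duo, so the mailbox must still be reachable."""
    s = Session()
    handler(s, "login", user="alice", password="correct-horse")
    handler(s, "duo_callback", duo_response=VALID_DUO_RESPONSE)
    return handler(s, "mailbox")


if __name__ == "__main__":
    print("vulnerable:", back_button_flow(handle_vulnerable)[0])
    print("fixed:     ", back_button_flow(handle_fixed)[0])
```

Two design choices matter here: the hook decides purely from server-side session state, never from anything the browser sends, and it clears the session rather than merely redirecting, so a half-authenticated session cannot be replayed against other actions later.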