feat(web-runtime, web-pkg, web-client, web-app-files): [OCISDEV-534] add MFA session expiry warning and session extension

[mzner]

Description

Add a warning modal that notifies users before their MFA session expires. The modal appears 5 minutes before expiry and offers the option to extend the session via silent OIDC renewal (with redirect fallback) or dismiss. A web worker timer handles the countdown to avoid main-thread drift, and a BroadcastChannel synchronizes the modal state across browser tabs.

Related Issue

• Fixes https://github.com/owncloud/web/issues/OCISDEV-534

Motivation and Context

Users with MFA-protected sessions had no warning before their session expired, leading to abrupt logouts. This change gives users advance notice and the ability to seamlessly extend their session without losing context.

How Has This Been Tested?

• test environment: local dev server with oCIS backend, MFA enabled with short session duration for testing
• test case 1: Modal appears ~5 minutes before MFA session expiry
• test case 2: "Extend session" triggers silent OIDC renewal with correct acr_values
• test case 3: Fallback to redirect if silent renewal fails
• test case 4: Open multiple tabs, dismiss/extend in one — all tabs update
• test case 5: Non-MFA sessions are unaffected (no modal when session_duration is absent)
• test case 6: Embedded mode with delegated auth does not initialize the worker

Screenshots (if appropriate):

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Technical debt
• Tests
• Documentation
• Maintenance (e.g. dependency updates or tooling)