21276a47fc
Clears the clean 🟡 remainders from the feature audit (gate-green, 677 tests): - F3: getFallbackSession prefers the session-blob/legacy source with the later expiresAt (a downgrade→upgrade could boot on a stale blob's dead token). - F6: server-forced logout (SessionLoggedOut) now mirrors logoutClient — pushSessionToSW() + best-effort revokeOidcTokens for OIDC sessions (the search plaintext wipe was already added). - N5: deleteUnreadInfo parent fallback `?? roomId` → `?? []` (latently spread the roomId string into chars). - P10: useUserPresence re-seeds when the User object appears after first render. - forward: strip m.mentions so forwarding doesn't re-ping the original mentions. Left open: F5 (OIDC expiry not reachable in persistTokens), N6/H10/D7 (minor / runtime-verify). See LOTUS_TODO. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>