fix: 4 issues — admin password sudo, peer modal, WireGuard fetch creds, port check

1. make reset/show-admin-password: use sudo so data/api/ owned-by-root
   files are writable without explicit sudo prefix

2. Peers.jsx: remove one-time password modal on peer creation — admin
   already knows the password they typed; replace with a success toast
   showing peer name and provisioned accounts

3. WireGuard.jsx + Peers.jsx: add credentials:'include' to every raw
   fetch() call (7 calls across two files, plus fix one hardcoded
   localhost:3000 URL); the port check and peer status calls were
   returning 401 because they didn't send the session cookie

4. test_admin_wireguard.py: update test to match new toast flow (no modal),
   add Scenario 10 test that verifies the port check badge renders on the
   WireGuard page after the credentials fix

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Makefile

@@ -277,10 +277,10 @@ endif
 # ── Admin password management ──────────────────────────────────────────────────
 
 show-admin-password:
-	@python3 scripts/reset_admin_password.py --show
+	@sudo python3 scripts/reset_admin_password.py --show
 
 reset-admin-password:
-	@python3 scripts/reset_admin_password.py --generate
+	@sudo python3 scripts/reset_admin_password.py --generate
 
 test-phase1:
 	cd api && python3 -m pytest tests/test_network_manager.py tests/test_phase1_endpoints.py -v