fix: integration and E2E test correctness after auth enforcement

config_manager: make per-file copy errors non-fatal during restore
  (resolves test failures when /app/config/* is not writable by test runner)
test_live_api.py: fix NameError (_req.Session not requests.Session)
test_negative_scenarios.py: replace raw requests.* with authenticated _S.*
  (all endpoints now require auth; unauthenticated calls return 401)
wg/conftest.py: fix wg_server_info — public key is at /api/wireguard/keys
test_admin_navigation.py, test_peer_acl.py: add .first to ambiguous locators
  to avoid Playwright strict-mode errors when desktop+mobile nav both mount

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

tests/e2e/ui/test_peer_acl.py

@@ -82,7 +82,7 @@ def test_peer_nav_does_not_show_admin_only_links(peer_page, webui_base):
     page.wait_for_load_state('networkidle')
 
     for link_name in ADMIN_ONLY_NAV_LINKS:
-        assert not page.get_by_role('link', name=link_name).is_visible(), (
+        assert not page.get_by_role('link', name=link_name).first.is_visible(), (
             f"Admin-only sidebar link '{link_name}' should NOT be visible to a peer"
         )
 
@@ -96,8 +96,9 @@ def test_peer_nav_shows_allowed_links(peer_page, webui_base):
     page.goto(f"{webui_base}/")
     page.wait_for_load_state('networkidle')
 
+    # Use .first to avoid strict-mode errors when desktop + mobile nav are both mounted.
     for link_name in ('Dashboard', 'My Services', 'Account'):
-        assert page.get_by_role('link', name=link_name).is_visible(), (
+        assert page.get_by_role('link', name=link_name).first.is_visible(), (
             f"Peer sidebar should show link '{link_name}'"
         )