fix: integration and E2E test correctness after auth enforcement

config_manager: make per-file copy errors non-fatal during restore
  (resolves test failures when /app/config/* is not writable by test runner)
test_live_api.py: fix NameError (_req.Session not requests.Session)
test_negative_scenarios.py: replace raw requests.* with authenticated _S.*
  (all endpoints now require auth; unauthenticated calls return 401)
wg/conftest.py: fix wg_server_info — public key is at /api/wireguard/keys
test_admin_navigation.py, test_peer_acl.py: add .first to ambiguous locators
  to avoid Playwright strict-mode errors when desktop+mobile nav both mount

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

tests/integration/test_negative_scenarios.py

@@ -90,7 +90,7 @@ class TestPeerNegative:
         _assert_error_response(r, 400)
 
     def test_create_peer_empty_body_returns_400(self):
-        r = requests.post(
+        r = _S.post(
             f"{API_BASE}/api/peers",
             data='',
             headers={'Content-Type': 'application/json'},
@@ -129,7 +129,7 @@ class TestPeerNegative:
 
     def test_create_peer_plain_text_body_returns_400(self):
         """Sending plain text instead of JSON should produce a 400."""
-        r = requests.post(
+        r = _S.post(
             f"{API_BASE}/api/peers",
             data='name=foo&public_key=bar',
             headers={'Content-Type': 'text/plain'},
@@ -143,7 +143,7 @@ class TestPeerNegative:
 
 class TestConfigNegative:
     def test_put_config_null_body_returns_400(self):
-        r = requests.put(
+        r = _S.put(
             f"{API_BASE}/api/config",
             data='null',
             headers={'Content-Type': 'application/json'},
@@ -151,7 +151,7 @@ class TestConfigNegative:
         assert r.status_code == 400
 
     def test_put_config_completely_invalid_json_returns_400(self):
-        r = requests.put(
+        r = _S.put(
             f"{API_BASE}/api/config",
             data='{bad json}}}',
             headers={'Content-Type': 'application/json'},
@@ -223,7 +223,7 @@ class TestConfigNegative:
 class TestDnsRecordsNegative:
     def test_delete_dns_record_empty_body_does_not_crash(self):
         """Sending an empty JSON body to DELETE /api/dns/records must not 500."""
-        r = requests.delete(
+        r = _S.delete(
             f"{API_BASE}/api/dns/records",
             json={},
             headers={'Content-Type': 'application/json'},
@@ -235,7 +235,7 @@ class TestDnsRecordsNegative:
 
     def test_delete_dns_record_no_content_type_does_not_crash(self):
         """Sending DELETE with no body at all must return a parseable response."""
-        r = requests.delete(f"{API_BASE}/api/dns/records")
+        r = _S.delete(f"{API_BASE}/api/dns/records")
         assert r.status_code in (200, 400, 404, 500)
         r.json()
 
@@ -246,7 +246,7 @@ class TestDnsRecordsNegative:
 
 class TestDhcpReservationsNegative:
     def test_add_reservation_no_body_returns_400(self):
-        r = requests.post(
+        r = _S.post(
             f"{API_BASE}/api/dhcp/reservations",
             data='',
             headers={'Content-Type': 'application/json'},
@@ -269,7 +269,7 @@ class TestDhcpReservationsNegative:
         _assert_json_error(r)
 
     def test_delete_reservation_empty_body_returns_400(self):
-        r = requests.delete(
+        r = _S.delete(
             f"{API_BASE}/api/dhcp/reservations",
             data='',
             headers={'Content-Type': 'application/json'},
@@ -310,7 +310,7 @@ class TestContainersNegative:
 
 class TestWireGuardKeyGenNegative:
     def test_generate_keys_empty_body_returns_400(self):
-        r = requests.post(
+        r = _S.post(
             f"{API_BASE}/api/wireguard/keys/peer",
             json={},
             headers={'Content-Type': 'application/json'},