Fix post-deploy auth issues: best-effort service provisioning, integration test auth, test mock corrections

- api/app.py: email/calendar/files provisioning now best-effort (non-fatal); fixed email_manager.create_email_user call to include domain argument
- tests/integration: added module-level auth sessions to all integration test files; added admin auth to api fixture and _resolve_admin_pass() helper; added TEST_PEER_PASSWORD constant; added password to peer creation calls
- tests/test_peer_provisioning.py: renamed rollback test to reflect new best-effort semantics (email failure no longer causes rollback)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

tests/integration/test_network_services.py

@@ -13,22 +13,34 @@ import requests
 import sys
 import os
 sys.path.insert(0, os.path.dirname(__file__))
-from conftest import API_BASE
+from conftest import API_BASE, _resolve_admin_pass
 
 # Test DNS hostname to use — must be cleaned up after tests
 _TEST_DNS_HOSTNAME = 'inttest-dns-record'
 
+_S: requests.Session = None
+
+
+@pytest.fixture(scope='module', autouse=True)
+def _auth_session():
+    global _S
+    _S = requests.Session()
+    _S.headers['Content-Type'] = 'application/json'
+    r = _S.post(f"{API_BASE}/api/auth/login",
+                json={'username': 'admin', 'password': _resolve_admin_pass()})
+    assert r.status_code == 200, f"Login failed: {r.text}"
+
 
 def get(path, **kw):
-    return requests.get(f"{API_BASE}{path}", **kw)
+    return _S.get(f"{API_BASE}{path}", **kw)
 
 
 def post(path, **kw):
-    return requests.post(f"{API_BASE}{path}", **kw)
+    return _S.post(f"{API_BASE}{path}", **kw)
 
 
 def delete(path, **kw):
-    return requests.delete(f"{API_BASE}{path}", **kw)
+    return _S.delete(f"{API_BASE}{path}", **kw)
 
 
 # ---------------------------------------------------------------------------