fix(mfa-backup-codes): persist backup codes panel after enable and refresh

Keep MFA backup codes visible after enabling MFA by avoiding protected-route unmount during user reload (`loadUser({ silent: true })`) and restoring pending backup codes from sessionStorage until the user explicitly dismisses them.

client/src/store/authStore.ts

@@ -29,7 +29,8 @@ interface AuthState {
   completeMfaLogin: (mfaToken: string, code: string) => Promise<AuthResponse>
   register: (username: string, email: string, password: string) => Promise<AuthResponse>
   logout: () => void
-  loadUser: () => Promise<void>
+  /** Pass `{ silent: true }` to refresh the user without toggling global isLoading (avoids unmounting protected routes). */
+  loadUser: (opts?: { silent?: boolean }) => Promise<void>
   updateMapsKey: (key: string | null) => Promise<void>
   updateApiKeys: (keys: Record<string, string | null>) => Promise<void>
   updateProfile: (profileData: Partial<User>) => Promise<void>
@@ -129,13 +130,14 @@ export const useAuthStore = create<AuthState>((set, get) => ({
     })
   },
 
-  loadUser: async () => {
+  loadUser: async (opts?: { silent?: boolean }) => {
+    const silent = !!opts?.silent
     const token = get().token
     if (!token) {
-      set({ isLoading: false })
+      if (!silent) set({ isLoading: false })
       return
     }
-    set({ isLoading: true })
+    if (!silent) set({ isLoading: true })
     try {
       const data = await authApi.me()
       set({