Eight tests covering the login form, layout-level redirects, logout,
and the obvious adversarial inputs (XSS in username, empty submit,
password field type, leaked tokens). All targeted at /admin/login and
the bounce-back behaviors implemented in +layout.svelte.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
