Fail authentication when browser state is older than 14 days

[chewinggum604-art]

Summary

Today, AuthManager.is_authenticated() only soft-warns when the browser
state file is older than 7 days but still returns True. If the cookies have
actually expired, the next ask_question call ends up timing out at the
NotebookLM URL wait — without a clear hint that re-auth is what's needed.

This PR adds a hard cutoff at 14 days. Past that, is_authenticated()
returns False and prints the exact command to recover.

Behavior

• 0–7 days: silent (no change).
• 7–14 days: soft warning, returns True (no change).

• 14 days: prints expiration message + recovery command, returns False
  (new).

The thresholds live as class constants STALE_WARN_DAYS and
STALE_FAIL_DAYS on AuthManager, so they're easy to tune.

Why 14 days?

Google session cookies typically survive 2 weeks of inactivity in my
testing. 14 is conservative enough that we don't fail valid sessions, but
catches the dead-cookie case before downstream timeouts hit. Open to
discussion.

Diff

 scripts/auth_manager.py | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)