#10800: fix(ui): apply token from URL param to settings
app: web-ui
stale
Cluster: UI Enhancements and Security Fixes
## Summary
This PR fixes a bug where the `token` URL parameter was being read and removed from the URL but never actually applied to the application settings. This prevented the dashboard from automatically authenticating when opened with a constructed URL (e.g., `?gatewayUrl=...&token=...`).
## Changes
- Modified `applySettingsFromUrl` in `ui/src/ui/app-settings.ts` to correctly assign the `token` to the settings object and persist it before cleaning the URL.
- Added a new test file `ui/src/ui/app-settings-url.test.ts` to verify that both `token` and `gatewayUrl` parameters are correctly processed, applied to settings, and removed from the browser history.
## Testing
- Verified with new unit tests in `ui/src/ui/app-settings-url.test.ts`.
- `token` is now correctly saved to localStorage, allowing immediate connection on load without manual entry.
<!-- greptile_comment -->
## Greptile Overview
### Greptile Summary
- Fixes `applySettingsFromUrl` so a `token` query param is actually persisted into UI settings before the URL is cleaned.
- Adds a new Vitest file to assert that `token` and `gatewayUrl` URL params are applied and removed via `history.replaceState`.
- Change is localized to the UI settings URL parsing path (`ui/src/ui/app-settings.ts`).
### Confidence Score: 3/5
- This PR is close, but the new test file likely fails and URL cleanup is inconsistent for the session param.
- The `token` fix in `applySettingsFromUrl` is straightforward, but the added test uses a likely-nonexistent/incorrect module import for mocking and constructs a potentially invalid URL for `pushState`. Additionally, `session` is applied without being removed from the URL, which conflicts with the function’s cleanup behavior for other params.
- ui/src/ui/app-settings-url.test.ts, ui/src/ui/app-settings.ts
<!-- /greptile_comment -->
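An added example, not code from this PR or the project: one way to structure the URL-to-settings step described above as a pure function that applies `token`, `gatewayUrl` and `session`, then returns the cleaned URL for `history.replaceState`. The `UiSettings` shape, the `sessionKey` field, `applyUrlParams`, and the `loadSettings`/`saveSettings` helpers named in the comments are hypothetical, and stripping `session` together with the other params is a choice made here.

```typescript
// Added example; all names are hypothetical, not the project's own code.
interface UiSettings {
  gatewayUrl: string;
  token: string;
  sessionKey: string;
}

interface UrlApplyResult {
  settings: UiSettings; // settings after URL params are applied
  cleanedUrl: string;   // URL to hand to history.replaceState
  changed: boolean;     // true when settings need to be persisted
}

// Query params that carry settings and should not stay in the address bar.
const SETTING_PARAMS: Record<string, keyof UiSettings> = {
  token: "token",
  gatewayUrl: "gatewayUrl",
  session: "sessionKey", // assumption: cleaned up like the other two
};

function applyUrlParams(href: string, current: UiSettings): UrlApplyResult {
  const url = new URL(href);
  const next: UiSettings = { ...current }; // never mutate the caller's object
  let changed = false;

  for (const [param, field] of Object.entries(SETTING_PARAMS)) {
    const raw = url.searchParams.get(param);
    if (raw === null) continue;
    // Strip the param even when it is empty, so a secret never lingers
    // in browser history or gets copied along with the link.
    url.searchParams.delete(param);
    const value = raw.trim();
    if (value !== "" && value !== next[field]) {
      next[field] = value; // the assignment the original bug skipped for token
      changed = true;
    }
  }
  return { settings: next, cleanedUrl: url.toString(), changed };
}

// Browser wiring (assumed helpers): persist first, then clean the URL.
//   const r = applyUrlParams(window.location.href, loadSettings());
//   if (r.changed) saveSettings(r.settings);
//   window.history.replaceState({}, "", r.cleanedUrl);
```

Keeping the parsing free of `window` and `localStorage` lets a unit test assert on both the applied settings and the cleaned URL without mocking browser globals.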
## Most Similar PRs
- #10093: fix: import gateway token from URL param into localStorage (by devjiro76 · 2026-02-06 · 85.1%)
- #18273: fix: extract token from URL query string for Control UI websocket auth (by MisterGuy420 · 2026-02-16 · 77.9%)
- #4154: fix(control-ui): preserve URL session parameter over localStorage d... (by joeyfrasier · 2026-01-29 · 77.8%)
- #6352: fix(ux): update gateway token error message UI location (by Glucksberg · 2026-02-01 · 76.5%)
- #13960: fix(ui): preserve structured config validation error details (by constansino · 2026-02-11 · 76.1%)
- #11109: fix(tui): prefer config contextTokens over persisted session value (by marezgui · 2026-02-07 · 75.6%)
- #17765: fix: add link to settings when chat shows auth error (by MisterGuy420 · 2026-02-16 · 75.2%)
- #19885: test(gateway,browser): isolate tests from ambient OPENCLAW_GATEWAY_... (by NewdlDewdl · 2026-02-18 · 74.7%)
- #9218: Fix Control UI chat resync on gaps and terminal events (by figitaki · 2026-02-05 · 73.2%)
- #22808: test(ui): split baseline browser-test fixes from webchat feature (by opnsec · 2026-02-21 · 73.2%)