#23280: fix(control-ui): remove stale allowInsecureAuth suggestion from error message (#22974)
gateway
size: XS
Cluster: Device Auth and Security Fixes
## Problem
Since 2026.2.21, `allowInsecureAuth: true` no longer enables token-only
HTTP access to the Control UI. However, the disconnect error message still
told users to set this option as a fix — making it actively misleading.
## Changes
- Updated disconnect error message in `message-handler.ts` to remove the
stale `allowInsecureAuth` suggestion and point users to HTTPS or a
reverse proxy (nginx/Caddy) instead
- Updated `audit.ts` warning detail to accurately reflect that
`allowInsecureAuth` no longer bypasses secure context requirements
## Tests
- 78 existing audit tests pass with no regressions
## Closes
Closes #22974
### Greptile Summary
Removes stale `allowInsecureAuth` suggestion from Control UI error messages to align with security hardening introduced in 2026.2.21 that requires secure context and device identity checks regardless of the `allowInsecureAuth` setting.
### Confidence Score: 5/5
- This PR is safe to merge - it only updates error messages to reflect actual behavior
- The changes are documentation-only updates to error messages that align them with the security hardening implemented in 2026.2.21. No functional code changes, all tests pass, and the updates correctly guide users to proper solutions (HTTPS or localhost) instead of misleading them about `allowInsecureAuth` capabilities.
- No files require special attention
Last reviewed commit: 4c41723
Most Similar PRs
- #17378: fix(gateway): allow dangerouslyDisableDeviceAuth with trusted-proxy... (by ar-nadeem · 2026-02-15 · 82.0%)
- #17605: fix: preserve scopes when disableControlUiDeviceAuth is enabled (by MisterGuy420 · 2026-02-16 · 80.6%)
- #6352: fix(ux): update gateway token error message UI location (by Glucksberg · 2026-02-01 · 79.1%)
- #17572: fix: make dangerouslyDisableDeviceAuth bypass device identity checks (by gitwithuli · 2026-02-15 · 78.5%)
- #18273: fix: extract token from URL query string for Control UI websocket auth (by MisterGuy420 · 2026-02-16 · 78.1%)
- #20089: fix(gateway): preserve control-ui scopes when dangerouslyDisableDev... (by vashkartik · 2026-02-18 · 77.8%)
- #13960: fix(ui): preserve structured config validation error details (by constansino · 2026-02-11 · 77.6%)
- #21326: Security/UI: harden Control UI gatewayUrl URL overrides (by bmendonca3 · 2026-02-19 · 76.4%)
- #17753: fix: Control UI unusable over HTTP - missing scopes (by MisterGuy420 · 2026-02-16 · 76.2%)
- #9440: fix(security): warn users when gateway token appears in URLs (by zenchantlive · 2026-02-05 · 75.7%)