fix: align CLI auth compatibility checks

[tnunamak]

Summary

• Align Web3Signed bodyHash with the current SDK and Personal Server format: sha256:, including the canonical empty-body hash.
• Keep connect --json --no-input state as needs_input when a connector emits collection-complete after requiring credentials.
• Refresh a stale auth test fixture expiry.

Verification

• pnpm test
• pnpm build
• pnpm lint
• pnpm lint:eslint
• pnpm format:check
• pnpm pack:check
• pnpm pack --pack-destination /home/tnunamak/.tmp/vana-cli-pack
• temp global install with pnpm add -g /home/tnunamak/.tmp/vana-cli-pack/vana-cli-2.0.0.tgz
• installed binary smoke: vana --help, vana version --json, vana sources --json, vana status --json, vana connect github --json --no-input

Notes
This PR is intentionally limited to mechanical compatibility fixes found during the modern stack audit. Larger product/API gaps remain in the audit report.

[tnunamak]

Merged #2 into this branch via 700b708 and re-ran validation.

Local checks:

• pnpm install --frozen-lockfile
• pnpm test: 259/259 passing
• pnpm build
• pnpm lint / lint:eslint / format:check
• pnpm pack:check
• pnpm preflight:cli (passed; discarded local transcript regeneration noise)
• pnpm build:sea:smoke
• pnpm sea:check for linux artifact
• pnpm test:install:unix
• Node 20 + Node 22 pnpm test and pnpm lint via npx

Independent agent checks:

• Sonnet confirmed the combined diff is only the CLI auth/bodyHash/no-input fix plus the DataConnect DOWNLOAD_VERSION 0.7.35 -> 0.7.52 bump.
• Sonnet passed lint, eslint, format, test, build, and pack:check.

GitHub CI after push: all 6 checks passing, including Node 20/22, Linux SEA, Windows SEA, demo-preview, and semantic PR title.

Residual risk: this repo proves the client emits the new sha256: bodyHash format and packages/installs cleanly, but it cannot by itself prove the remote Personal Server verifier accepts that wire format. Confidence is high for merge/package/install behavior; live cloud read would be the last >95% proof.