feat(auth): add optional jwt parameter to getAuthenticatorAssuranceLevel#1940

Merged
mandarini merged 4 commits into supabase:master from 7ttp:fix24 on Jan 23, 2026

@7ttp 7ttp commented Dec 11, 2025

Summary

Adds an optional jwt parameter to mfa.getAuthenticatorAssuranceLevel(), enabling it to work in server-side environments like Edge Functions where no session is stored.

Problem

In Edge Functions, getAuthenticatorAssuranceLevel() always returns { currentLevel: null, nextLevel: null, currentAuthenticationMethods: [] } because it relies on getSession() which reads from storage. Edge Functions don't have a stored session, only the JWT from the Authorization header.

Solution

Added an optional jwt parameter following the same pattern as getUser(jwt?):

closes #1677
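
An added example, not part of the PR or of auth-js: a guard for an Edge Function that passes the Authorization header's JWT to `getAuthenticatorAssuranceLevel(jwt)` and fails closed when the level is unknown. `bearerToken`, `decideAal`, `checkAssurance` and the `MfaClient` type are hypothetical names; the `{ data, error }` envelope is assumed to match what auth-js returns.

```typescript
// Added sketch, not auth-js code. All names below are hypothetical.
type Aal = 'aal1' | 'aal2' | null
type AalData = { currentLevel: Aal; nextLevel: Aal }
type AalResult = { data: AalData | null; error: { message: string } | null }
// Only the subset of the client that this sketch calls.
type MfaClient = {
  auth: { mfa: { getAuthenticatorAssuranceLevel(jwt?: string): Promise<AalResult> } }
}
type Decision = { status: 200 | 401 | 403; reason: string }

// Extract the JWT from an Authorization header value ("Bearer <token>").
function bearerToken(authorization: string | null | undefined): string | null {
  const match = /^Bearer\s+(\S+)$/i.exec(authorization ?? '')
  return match?.[1] ?? null
}

// Turn the AAL result into an allow/deny decision, failing closed.
function decideAal(result: AalResult): Decision {
  if (result.error || !result.data) return { status: 401, reason: 'token rejected' }
  const { currentLevel, nextLevel } = result.data
  // null/null is what the session-based path returned in Edge Functions; a bare
  // `currentLevel === nextLevel` comparison would treat that as "MFA satisfied".
  if (currentLevel === null || nextLevel === null) {
    return { status: 401, reason: 'assurance level unknown' }
  }
  // nextLevel aal2 means a verified factor exists, so the caller must reach aal2.
  if (nextLevel === 'aal2' && currentLevel !== 'aal2') {
    return { status: 403, reason: 'mfa required' }
  }
  return { status: 200, reason: 'ok' }
}

// Edge Function guard: no stored session, so the header JWT is passed explicitly.
async function checkAssurance(
  client: MfaClient,
  authorization: string | null,
): Promise<Decision> {
  const jwt = bearerToken(authorization)
  if (!jwt) return { status: 401, reason: 'missing bearer token' }
  return decideAal(await client.auth.mfa.getAuthenticatorAssuranceLevel(jwt))
}
```
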

@7ttp 7ttp requested review from a team as code owners December 11, 2025 11:09

@mandarini mandarini left a comment

@7ttp thanks for this PR. Can you please:

  1. Add some tests for the new JWT code path. Should test:
    - JWT with aal1, no factors returns aal1/aal1
    - JWT with aal1, verified factors returns aal1/aal2
    - Invalid JWT returns error
    - JWT where getUser fails returns error
  2. Fix the documentation mismatch. tsdoc says "rarely uses the network" but the new path calls getUser(jwt) which always makes a network request

After these are done, I will share with auth team to get final ok!

@mandarini mandarini self-assigned this Jan 5, 2026
Comment thread packages/core/auth-js/src/GoTrueClient.ts
@mandarini

@7ttp can you please rebase your PR with latest master? We made some updates in the workflows, and it will be blocked if you don't rebase

@mandarini mandarini left a comment

@7ttp and whoever looks at this PR/addition:

The auth-js library is not optimized for usage in edge functions. I am approving this PR, but with this caveat.

We plan to improve the experience in the next major version

@mandarini mandarini merged commit 26650e5 into supabase:master Jan 23, 2026
21 checks passed
@7ttp 7ttp deleted the fix24 branch March 8, 2026 11:47

Development

Successfully merging this pull request may close these issues.

getAuthenticatorAssuranceLevel() dont work on edge function