fix: prefer complete browser cookie profiles

[ponyfly6]

Fixes #4

This updates browser cookie extraction so boss login --cookie-source chrome keeps scanning Chrome profiles until it finds a complete Boss session cookie set.

Why this is needed:

• some macOS Chrome setups keep only partial .zhipin.com cookies in Default
• the complete authenticated set (__zp_stoken__, wt2, wbg, zp_at) may live in Profile 1 or another profile
• the current logic can stop on the first partial match, which makes boss login --cookie-source chrome fall back to QR login and leaves boss search unusable

What changed:

• prefer complete cookie candidates over partial matches during in-process extraction
• apply the same preference in the subprocess fallback path
• keep the richest partial candidate only as a fallback when no complete session exists
• add regression coverage for the Default partial / Profile 1 complete scenario
• remove one pre-existing Ruff warning so CI stays green

This covers the same multi-profile Chrome issue as #12, but avoids stopping at the first partial cookie match.

Validation:

• uv run ruff check .
• uv run pytest tests/test_auth.py tests/test_cli.py -q
• reproduced locally on macOS with a real Chrome Profile 1 containing the full Boss session cookies