fix(mobile-app): fix 401 token refresh not working

1. Add /user/auto-login to publicPaths so it doesn't inject old token
2. Skip 401 handling for auto-login itself to avoid recursion
3. Add debug logs for token refresh flow

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

frontend/mobile-app/lib/core/network/api_client.dart

@@ -60,6 +60,7 @@ class ApiClient {
     // 不需要 Token 的接口
     final publicPaths = [
       '/user/auto-create',
+      '/user/auto-login',  // 刷新 token 接口不需要带旧 token
       '/user/login',
       '/user/register',
       '/user/send-sms-code',
@@ -93,15 +94,23 @@ class ApiClient {
     ErrorInterceptorHandler handler,
   ) async {
     // 401 错误尝试刷新 Token
-    if (error.response?.statusCode == 401) {
+    // 排除 auto-login 本身的 401 错误，避免递归
+    final isAutoLogin = error.requestOptions.path.contains('/user/auto-login');
+    if (error.response?.statusCode == 401 && !isAutoLogin) {
+      debugPrint('401 error detected, attempting token refresh...');
       try {
         final refreshed = await _tryRefreshToken();
         if (refreshed) {
+          debugPrint('Token refresh successful, retrying original request...');
           // 重试原请求
           final response = await _retryRequest(error.requestOptions);
           return handler.resolve(response);
+        } else {
+          debugPrint('Token refresh failed, clearing auth data...');
+          await _clearAuthData();
         }
       } catch (e) {
+        debugPrint('Token refresh exception: $e');
         // 刷新失败，清除登录状态
         await _clearAuthData();
       }