Add server password/authentication support

[BillSteinUNB]

Summary

Add password/authentication support for connecting to OpenCode servers, allowing users to secure their server connections with credentials.

Context

Users have requested the ability to add password protection to their OpenCode server connections for security purposes. This would be particularly valuable when:

• Connecting to servers over the internet (not just local network)
• Running in shared or semi-public environments
• Adding an extra layer of security beyond network-level access

Current State

The OpenCode server already supports basic authentication:

Server Side (already implemented):

• Environment variables OPENCODE_SERVER_PASSWORD and OPENCODE_SERVER_USERNAME
• Uses Hono's basicAuth middleware
• Applied automatically when OPENCODE_SERVER_PASSWORD is set
• Default username is "opencode" if not specified

Client Side (partially implemented):

• The ServerConnection.HttpBase type already has username and password fields
• The SDK client already constructs Basic Auth headers when password is present
• However, the UI for entering these credentials is missing or incomplete

What's Needed

Mobile App UI

1. Server Connection Dialog - Add fields to enter username/password when adding a new server:

   • Input fields for username (optional, defaults to "opencode")
   • Input field for password (optional, shown as password type)
   • Option to show/hide password

2. Server Management - Allow editing credentials for existing servers:

   • Update password for saved servers
   • Clear saved credentials option

3. Connection Security UI:

   • Visual indicator for password-protected servers
   • Clear error messages for auth failures
   • Prompt for credentials if server requires them

Technical Considerations

• Store credentials securely (use iOS Keychain)
• Handle auth failures gracefully with retry options
• Support password changes on the server side
• Consider biometric authentication (Face ID/Touch ID) as an option for unlocking credentials

User Flow

1. User adds a server URL
2. If server requires auth, prompt for username/password
3. Store credentials securely on device
4. Use credentials for all future connections to that server

Alternative Approaches

• Per-session auth: Ask for password each time (less convenient but more secure)
• Biometric unlock: Require Face ID/Touch ID to access stored passwords
• Server-side configuration: Document how to enable password auth for server operators

Labels

• enhancement
• security