Fix Chrome import for HttpOnly Slack cookie

[sudhanshug16]

Summary

• Keep the existing Chrome tab/localStorage extraction for xoxc team tokens.
• Fall back to Chrome profile cookie databases when the Slack d cookie is not visible to page JavaScript.
• Decrypt Chromium v10/v11 cookie values with Chrome Safe Storage, matching the existing Brave importer approach.
• Await Chrome import at CLI call sites because cookie DB access uses the repo's async read-only SQLite helper.

Fixes the Chrome side of #13.

Why

Recent/current Slack sessions may store .slack.com cookie d as HttpOnly. In that state, this existing Chrome importer path fails even though the user is logged in and AppleScript JavaScript execution works:

document.cookie.split('; ').find(c => c.startsWith('d='))?.split('=')[1] || ''

I reproduced this on macOS with agent-slack 0.9.3: the Slack tab exposed localConfig_v2 with an xoxc-* team token, while Chrome's Cookies DB contained .slack.com cookie d with is_httponly = 1.

Verification

• bun run typecheck
• bun test
• bun run lint exits 0; existing warnings remain unrelated
• bun run format:check
• bun run build:npm
• bun run src/index.ts auth import-chrome imported 1 workspace token from my logged-in Chrome Slack session