fix(auth): auto-authenticate on browser reopen using silent fallback chain

[dkhalife]

Fixes the browser reopen flow where users had to click Sign in even though Azure would accept the redirect immediately with no credential prompt.

[Copilot]

Pull request overview

Improves the frontend’s Azure AD authentication flow so returning users are automatically re-authenticated on browser reopen, reducing unnecessary /login prompts while still handling first-time visitors.

Changes:

• Extend loginSilently() to try acquireTokenSilent() and then fall back to ssoSilent(); introduce tenant-aware account selection and hasCachedAccounts().
• Update App.tsx to auto-trigger loginWithRedirect() when silent auth fails but tenant-matching accounts exist.
• Update LoginView.tsx to auto-redirect when arriving at /login with cached tenant accounts.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.

File	Description
frontend/src/utils/msal.ts	Adds tenant-aware account selection, cached-account detection, and a silent auth fallback chain.
frontend/src/App.tsx	Uses cached-account detection to decide between auto-redirect vs. navigating to /login.
frontend/src/views/Authorization/LoginView.tsx	Adds an automatic redirect safety net for direct /login visits when accounts are cached.

Comments suppressed due to low confidence (1)

frontend/src/App.tsx:93

• loginWithRedirect() is awaited here without error handling. If the redirect initiation fails, componentDidMount will throw and can break initial app render rather than falling back to /login. Wrap the redirect attempt in try/catch and fall back to navigate(NavigationPaths.Login) (or show an error) on failure.

      if (await hasCachedAccounts()) {
        await loginWithRedirect()
      } else if (this.props.pathname !== NavigationPaths.Login && this.props.pathname !== NavigationPaths.Privacy) {