Pass L1_PUBLIC_URL when verifying tokens with L2

L2 now requires L1 servers to identify themselves for authorization.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

server.py

@@ -410,6 +410,7 @@ def _verify_token_with_l2_sync(token: str, l2_server: str) -> Optional[str]:
         resp = http_requests.post(
             f"{l2_server}/auth/verify",
             headers={"Authorization": f"Bearer {token}"},
+            json={"l1_server": L1_PUBLIC_URL},  # Identify ourselves to L2
             timeout=5
         )
         if resp.status_code == 200: