Send all responses as sexp wire format with client-side rendering

- Server sends sexp source text, client (sexp.js) renders everything
- SexpExpr marker class for nested sexp composition in serialize()
- sexp_page() HTML shell with data-mount="body" for full page loads
- sexp_response() returns text/sexp for OOB/partial responses
- ~app-body layout component replaces ~app-layout (no raw!)
- ~rich-text is the only component using raw! (for CMS HTML content)
- Fragment endpoints return text/sexp, auto-wrapped in SexpExpr
- All _*_html() helpers converted to _*_sexp() returning sexp source
- Head auto-hoist: sexp.js moves meta/title/link/script[ld+json]
  from rendered body to document.head automatically
- Unknown components render warning box instead of crashing page
- Component kwargs preserve AST for lazy rendering (fixes <> in kwargs)
- Fix unterminated paren in events/sexp/tickets.sexpr

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

federation/sexp/auth.sexpr

@@ -1,12 +1,12 @@
 ;; Auth components (login, check email, choose username)
 
 (defcomp ~federation-error-banner (&key error)
-  (div :class "bg-red-50 border border-red-200 text-red-700 p-3 rounded mb-4" (raw! error)))
+  (div :class "bg-red-50 border border-red-200 text-red-700 p-3 rounded mb-4" error))
 
-(defcomp ~federation-login-form (&key error-html action csrf email)
+(defcomp ~federation-login-form (&key error action csrf email)
   (div :class "py-8 max-w-md mx-auto"
     (h1 :class "text-2xl font-bold mb-6" "Sign in")
-    (raw! error-html)
+    error
     (form :method "post" :action action :class "space-y-4"
       (input :type "hidden" :name "csrf_token" :value csrf)
       (div
@@ -18,21 +18,21 @@
         "Send magic link"))))
 
 (defcomp ~federation-check-email-error (&key error)
-  (div :class "bg-yellow-50 border border-yellow-200 text-yellow-700 p-3 rounded mt-4" (raw! error)))
+  (div :class "bg-yellow-50 border border-yellow-200 text-yellow-700 p-3 rounded mt-4" error))
 
-(defcomp ~federation-check-email (&key email error-html)
+(defcomp ~federation-check-email (&key email error)
   (div :class "py-8 max-w-md mx-auto text-center"
     (h1 :class "text-2xl font-bold mb-4" "Check your email")
-    (p :class "text-stone-600 mb-2" "We sent a sign-in link to " (strong (raw! email)) ".")
+    (p :class "text-stone-600 mb-2" "We sent a sign-in link to " (strong email) ".")
     (p :class "text-stone-500 text-sm" "Click the link in the email to sign in. The link expires in 15 minutes.")
-    (raw! error-html)))
+    error))
 
-(defcomp ~federation-choose-username (&key domain error-html csrf username check-url)
+(defcomp ~federation-choose-username (&key domain error csrf username check-url)
   (div :class "py-8 max-w-md mx-auto"
     (h1 :class "text-2xl font-bold mb-2" "Choose your username")
     (p :class "text-stone-600 mb-6" "This will be your identity on the fediverse: "
-      (strong "@username@" (raw! domain)))
-    (raw! error-html)
+      (strong "@username@" domain))
+    error
     (form :method "post" :class "space-y-4"
       (input :type "hidden" :name "csrf_token" :value csrf)
       (div
@@ -43,8 +43,8 @@
             :pattern "[a-z][a-z0-9_]{2,31}" :minlength "3" :maxlength "32"
             :required true :autocomplete "off"
             :class "flex-1 border border-stone-300 rounded px-3 py-2 focus:outline-none focus:ring-2 focus:ring-stone-500"
-            :hx-get check-url :hx-trigger "keyup changed delay:300ms" :hx-target "#username-status"
-            :hx-include "[name='username']"))
+            :sx-get check-url :sx-trigger "keyup changed delay:300ms" :sx-target "#username-status"
+            :sx-include "[name='username']"))
         (div :id "username-status" :class "text-sm mt-1")
         (p :class "text-xs text-stone-400 mt-1" "3-32 characters. Lowercase letters, numbers, underscores. Must start with a letter."))
       (button :type "submit"