Phase 5 cleanup: remove legacy HTML components, fix nav-tree fragment

- Remove old raw! layout components (~app-head, ~app-layout, ~oob-response,
  ~header-row, ~menu-row, ~oob-header, ~header-child) from layout.sexp
- Convert nav-tree fragment from Jinja HTML to sexp source, fixing the
  "Unexpected character: ." parse error caused by HTML leaking into sexp
- Add _as_sexp() helper to safely coerce HTML fragments to ~rich-text
- Fix federation/sexp/search.sexpr extra closing paren
- Remove dead _html() wrappers from blog and account sexp_components
- Remove stale render import from cart sexp_components
- Add dev_watcher.py to auto-reload on .sexp/.sexpr/.js/.css changes
- Add test_parse_all.py to parse-check all 59 sexpr/sexp files
- Fix test assertions for sx- attribute prefix (was hx-)
- Add sexp.js version logging for cache debugging

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

account/entrypoint.sh

@@ -54,6 +54,7 @@ fi
 RELOAD_FLAG=""
 if [[ "${RELOAD:-}" == "true" ]]; then
   RELOAD_FLAG="--reload"
+  python3 -m shared.dev_watcher &
   echo "Starting Hypercorn (${APP_MODULE:-app:app}) with auto-reload..."
 else
   echo "Starting Hypercorn (${APP_MODULE:-app:app})..."

account/sexp/sexp_components.py

@@ -371,12 +371,6 @@ async def render_check_email_page(ctx: dict) -> str:
 # Public API: Fragment renderers for POST handlers
 # ---------------------------------------------------------------------------
 
-def render_newsletter_toggle_html(un) -> str:
-    """Render a newsletter toggle switch for POST response."""
-    from shared.browser.app.csrf import generate_csrf_token
-    return _newsletter_toggle_sexp(un, lambda p: f"/newsletter/{un.newsletter_id}/toggle/" if "/toggle/" in p else p,
-                                   generate_csrf_token())
-
 
 def render_newsletter_toggle(un) -> str:
     """Render a newsletter toggle switch for POST response (uses account_url)."""