Add /auth/sso-logout/ endpoint for cross-app logout

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

bp/auth/routes.py

@@ -211,4 +211,13 @@ def register(url_prefix="/auth"):
         resp.delete_cookie("sso_hint", domain=".rose-ash.com", path="/")
         return resp
 
+    @auth_bp.get("/sso-logout/")
+    async def sso_logout():
+        """SSO logout: clear federation session + sso_hint, redirect to blog."""
+        qsession.pop(SESSION_USER_KEY, None)
+        from shared.infrastructure.urls import blog_url
+        resp = redirect(blog_url("/"))
+        resp.delete_cookie("sso_hint", domain=".rose-ash.com", path="/")
+        return resp
+
     return auth_bp