Sign-in button → account app, clear old shared cookie

- Nav sign-in links point to account_url('/') instead of login_url()
- After-request hook clears old blog_session cookie on .rose-ash.com
  (prevents collision with new per-app first-party cookies)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

infrastructure/factory.py

@@ -127,6 +127,13 @@ def create_base_app(
         await protect()
 
     # --- after-request hooks ---
+    # Clear old shared-domain session cookie (migration from .rose-ash.com)
+    @app.after_request
+    async def _clear_old_shared_cookie(response):
+        if request.cookies.get("blog_session"):
+            response.delete_cookie("blog_session", domain=".rose-ash.com", path="/")
+        return response
+
     @app.after_request
     async def _add_hx_preserve_search_header(response):
         value = request.headers.get("X-Search")