Make account the OAuth authorization server instead of federation

All client apps (including federation) now redirect to account for OAuth.
Factory excludes account from OAuth client blueprint registration.
SSO logout chains through account instead of federation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

infrastructure/urls.py

@@ -72,8 +72,8 @@ def market_product_url(product_slug: str, suffix: str = "", market_place=None) -
 def login_url(next_url: str = "") -> str:
     from quart import current_app
 
-    # Federation handles login directly (magic link flow)
-    if current_app.name == "federation":
+    # Account handles login directly (magic link flow — it's the OAuth server)
+    if current_app.name == "account":
         base = "/auth/login/"
         params: list[str] = []
         if next_url:
@@ -86,7 +86,7 @@ def login_url(next_url: str = "") -> str:
             return f"{base}?{'&'.join(params)}"
         return base
 
-    # Client apps: local /auth/login triggers OAuth redirect to federation
+    # Client apps: local /auth/login triggers OAuth redirect to account
     base = "/auth/login/"
     if next_url:
         return f"{base}?next={quote(next_url, safe='')}"