feat(electron): add persistent auth, auto-updater, and NAS copy script

- Integrate electron-store for persistent PocketBase auth backup
  across localStorage clears and app reinstalls
- Switch build target from portable to nsis to generate latest.yml
  for electron-updater generic provider
- Add user confirmation dialogs before download and before install
- Add post-build script to copy .exe/.yml/.nupkg to NAS share and
  local electron-update/ directory for nginx volume mount
- Mount ./electron-update into frontend nginx containers via
  docker-compose for automatic update file serving

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

frontend/src/api/pocketbase.ts

@@ -7,6 +7,27 @@ export const pb = new PocketBase(pbUrl)
 
 // SDK v0.21+ 自动使用 localStorage 持久化，无需手动 cookie 操作
 
+// Electron 环境下使用 electron-store 做更持久的备份
+const eAPI = (window as any).electronAPI
+if (eAPI?.storeGet) {
+  // 若 localStorage 无有效认证，尝试从 electron-store 恢复
+  if (!pb.authStore.isValid) {
+    const saved = eAPI.storeGet('pb_auth')
+    if (saved?.token && saved?.model) {
+      pb.authStore.save(saved.token, saved.model)
+    }
+  }
+
+  // 认证状态变化时同步到 electron-store
+  pb.authStore.onChange((token: string, model: any) => {
+    if (token && model) {
+      eAPI.storeSet('pb_auth', { token, model })
+    } else {
+      eAPI.storeDelete('pb_auth')
+    }
+  })
+}
+
 // 获取当前用户
 export function getCurrentUser() {
   return pb.authStore.model
@@ -20,6 +41,10 @@ export function isAuthenticated(): boolean {
 // 登出
 export function logout() {
   pb.authStore.clear()
+  const eAPI = (window as any).electronAPI
+  if (eAPI?.storeDelete) {
+    eAPI.storeDelete('pb_auth')
+  }
   window.location.href = '/login'
 }