fix(auth): distinct login message for OAuth access_denied #2970

Closed
postoso wants to merge 1 commit into Chainlit:main from postoso:fix/oauth-access-denied-message
@postoso postoso commented Jun 21, 2026

Fixes #2956

OAuth callbacks redirect denied or cancelled logins to /login?error=access_denied, but no auth.login.errors.access_denied translation key existed. The frontend builds the i18n key as auth.login.errors.${error.toLowerCase()}, so access_denied fell through to the generic "Unable to sign in" default, the same message shown for token or state failures. That is misleading for an explicit user or provider denial and can loop the user through retry.

The change

  • Add an access_denied key to all 23 locale files, with a message that distinguishes cancellation/denial from infrastructure failures.
  • Add a test asserting the key exists, is distinct from default, and is present across every locale.

Notes

  • The key is access_denied (lowercase, matching the OAuth error code), because the frontend lowercases the raw error before the lookup. No backend change is needed; main already routes the raw error through _get_oauth_redirect_error.
  • The non-English strings are machine-assisted translations (verified non-garbled and consistent in meaning); happy to refine any with native-speaker feedback.

Summary by cubic

Show a clear message when an OAuth login is cancelled or access is denied, instead of the generic failure text. This reduces confusion and prevents unnecessary retries.

  • Bug Fixes
    • Added auth.login.errors.access_denied to all 23 locale JSON files with clear copy.
    • Added tests to ensure the key exists in every locale, differs from default, and that login error structures match en-US.

Written for commit ec7547e. Summary will update on new commits.

OAuth callbacks redirect denied/cancelled logins to
/login?error=access_denied, but no auth.login.errors.access_denied
translation key existed, so the frontend fell back to the generic
"Unable to sign in" default. That is misleading for an explicit
user/provider denial and can loop the user through retry.

Add an access_denied key to all 23 locale files with a message that
distinguishes cancellation/denial from infrastructure failures, and a
test asserting the key exists, is distinct from default, and is present
across every locale.
@dosubot dosubot Bot added size:XS This PR changes 0-9 lines, ignoring generated files. auth Pertaining to authentication. translation Translation or localisation of strings. unit-tests Has unit tests. labels Jun 21, 2026
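
The lookup and the locale coverage rule described in the PR, as an added example that is not code from this pull request or from Chainlit. The function names `resolveLoginError` and `auditLocales`, the sample catalogues and their wording are assumptions made for illustration; the resolver also ignores inherited property names, since the error code arrives in the URL.

```javascript
// Constructed sample catalogues; the copy is illustrative, not Chainlit's strings.
const LOCALES = {
  "en-US": { auth: { login: { errors: {
    default: "Unable to sign in",
    access_denied: "Sign-in was cancelled or access was denied.",
  } } } },
  "fr-FR": { auth: { login: { errors: {
    default: "Impossible de se connecter",
    // access_denied deliberately left out so the coverage check reports it
  } } } },
};

const errorsOf = (catalogue) => catalogue?.auth?.login?.errors ?? {};
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Mirrors the lookup described in the PR: auth.login.errors.${error.toLowerCase()},
// falling back to "default". `error` comes from the query string, so only own
// string entries count; inherited names such as "constructor" must not resolve.
function resolveLoginError(catalogue, error) {
  const errors = errorsOf(catalogue);
  const code = typeof error === "string" ? error.toLowerCase() : "";
  if (own(errors, code) && typeof errors[code] === "string") {
    return { key: `auth.login.errors.${code}`, message: errors[code] };
  }
  return { key: "auth.login.errors.default", message: errors.default };
}

// The coverage rule from the PR's test: the key exists in every locale and
// its text differs from that locale's default message.
function auditLocales(locales, code) {
  const problems = [];
  for (const [name, catalogue] of Object.entries(locales)) {
    const errors = errorsOf(catalogue);
    if (!own(errors, code)) problems.push(`${name}: missing ${code}`);
    else if (errors[code] === errors.default) problems.push(`${name}: ${code} equals default`);
  }
  return problems;
}

console.log(resolveLoginError(LOCALES["en-US"], "ACCESS_DENIED").message);
console.log(auditLocales(LOCALES, "access_denied"));
```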

@cubic-dev-ai cubic-dev-ai Bot left a comment

Contributor

No issues found across 24 files

@dokterbob

Collaborator

Thanks for the contribution, but I already created a pull request for this one. I would love it if you could actually have a look at that and tell me if it works for you. #2955

Closing for now as a dup.

@dokterbob dokterbob closed this Jun 22, 2026

Development

Successfully merging this pull request may close these issues.

UX: show distinct message when OAuth login is denied/cancelled (access_denied)
