Add end-to-end integration test: CLI create → widget verify

[bordumb]

Problem

The CLI and widget are developed in separate repos with no integration test that exercises the full pipeline:

1. auths id create writes identity to refs/auths/registry
2. Widget reads refs/auths/registry via GitHub API
3. Widget decodes CESR keys, builds attestation chain, renders badge

We just fixed a mismatch where the widget was looking at refs/auths/devices/nodes/ while the CLI writes to refs/auths/keys/. This class of bug is invisible until you test the full flow.

Proposal

Add a CI job (or local script) that:

1. Creates a temporary repo
2. Runs auths id create + auths id attest to push real identity data
3. Runs the widget's resolveFromRepo() against that repo
4. Asserts the bundle is valid (non-null identity_did, public_key_hex, attestation_chain)

A live E2E test already exists at auths-verify-widget/tests/e2e/live-resolve.test.ts that validates against auths-dev/example-verify-badge. This could be extended or formalized.

Why this matters

Without this, any change to the CLI's storage layout silently breaks the widget. The registry format (v1/identities/XX/YY/…/state.json) is an implicit contract between CLI and widget — it needs a test.