fix: dashboard shows Nous Portal as 'not connected' despite active auth (#9261)

The dashboard device-code flow (_nous_poller in web_server.py) saved
credentials to the credential pool only, while get_nous_auth_status()
only checked the auth store (auth.json). This caused the Keys tab to
show 'not connected' even when the backend was fully authenticated.

Two fixes:
1. get_nous_auth_status() now checks the credential pool first (like
   get_codex_auth_status() already does), then falls back to the auth
   store.
2. _nous_poller now also persists to the auth store after saving to
   the credential pool, matching the CLI flow (_login_nous).

Adds 3 tests covering pool-only, auth-store-fallback, and empty-state
scenarios.

hermes_cli/web_server.py

@@ -1216,6 +1216,22 @@ def _nous_poller(session_id: str) -> None:
             "base_url": full_state.get("inference_base_url"),
         })
         pool.add_entry(entry)
+        # Also persist to auth store so get_nous_auth_status() sees it
+        # (matches what _login_nous in auth.py does for the CLI flow).
+        try:
+            from hermes_cli.auth import (
+                _load_auth_store, _save_provider_state, _save_auth_store,
+                _auth_store_lock,
+            )
+            with _auth_store_lock():
+                auth_store = _load_auth_store()
+                _save_provider_state(auth_store, "nous", full_state)
+                _save_auth_store(auth_store)
+        except Exception as store_exc:
+            _log.warning(
+                "oauth/device: credential pool saved but auth store write failed "
+                "(session=%s): %s", session_id, store_exc,
+            )
         with _oauth_sessions_lock:
             sess["status"] = "approved"
         _log.info("oauth/device: nous login completed (session=%s)", session_id)