fix: secure login flow with copy-paste API key exchange #337

Open: KAJdev wants to merge 4 commits into main from zeke/ae-3128-fix-login-method-to-be-more-secure

@KAJdev (Contributor) commented May 21, 2026

the old login flow had the CLI poll for the API key after browser approval. any process that knew the request ID could intercept the key via the same unauthenticated query.

replaces polling with a copy-paste flow: the browser displays the generated API key after approval, and the user pastes it into the CLI prompt. the CLI never fetches the key over the network.

also removes the get_flash_auth_request_status polling method from the GraphQL client since it is no longer needed.

AE-3128

@KAJdev KAJdev marked this pull request as ready for review May 21, 2026 17:42
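
The difference between the two flows described in the PR description, as an added in-memory model (not code from this PR or from runpod-flash). Every class and function name here is hypothetical, the key format is constructed, and the no-echo `getpass` prompt is an assumption about how a CLI might read the pasted key.

```python
import getpass
import secrets


class PollingAuthServer:
    """Modelled old flow: the status lookup is keyed by request ID alone."""

    def __init__(self):
        self._requests = {}

    def create_request(self):
        request_id = secrets.token_urlsafe(8)
        self._requests[request_id] = None  # pending approval
        return request_id

    def approve(self, request_id):
        # Browser approval mints the key and parks it on the request record.
        self._requests[request_id] = "key_" + secrets.token_hex(16)

    def status(self, request_id):
        # Unauthenticated: nothing ties the caller to the CLI that began login.
        key = self._requests[request_id]
        return {"approved": key is not None, "api_key": key}


class PasteAuthServer(PollingAuthServer):
    """Modelled new flow: the key goes only to the approving browser session."""

    def approve(self, request_id):
        self._requests[request_id] = True
        return "key_" + secrets.token_hex(16)  # displayed in the browser only

    def status(self, request_id):
        return {"approved": self._requests[request_id] is not None}


def key_exposed_by_status(server):
    """True if a caller holding only the request ID can obtain the key."""
    request_id = server.create_request()
    server.approve(request_id)
    return server.status(request_id).get("api_key") is not None


def read_pasted_key(prompt_fn=getpass.getpass):
    """CLI side: the key comes from the user's paste, never from the network."""
    key = prompt_fn("Paste API key: ").strip()
    if not key or any(ch.isspace() for ch in key):
        raise ValueError("empty or malformed API key")
    return key
```
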
promptless Bot commented May 21, 2026

Promptless prepared a documentation update related to this change.

Triggered by runpod/flash#337

Updated the flash login command documentation to describe the new copy-paste authentication flow where users copy the API key from the browser and paste it into the CLI. Removed the --timeout flag documentation since it's no longer used. Also updated Python version requirements from "Python 3.10, 3.11, or 3.12" to "Python 3.10 or later" across 6 tutorial and reference pages.

Review: Update flash login docs for copy-paste auth flow

Copilot AI (Contributor) left a comment

Pull request overview

This PR updates the flash CLI login flow to avoid fetching newly-issued API keys over an unauthenticated polling endpoint by switching to a user copy/paste exchange, and removes the no-longer-needed GraphQL polling method.

Changes:

  • Replace the CLI’s polling-based login with a copy/paste API key prompt; remove --timeout and related polling/deadline logic.
  • Remove get_flash_auth_request_status from the GraphQL client and update unit tests accordingly.
  • Introduce new SSE log parsing/streaming helpers in request_logs.py and broaden the supported Python version range in packaging metadata.

Reviewed changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated 6 comments.

| File | Description |
| --- | --- |
| tests/unit/test_login.py | Updates unit tests to match the copy/paste login flow and removes polling-related coverage. |
| tests/unit/test_login_extended.py | Updates extended login/GraphQL tests to remove polling status checks and align with paste-based login. |
| src/runpod_flash/core/resources/request_logs.py | Adds SSE event/log parsing and a pod log streaming generator. |
| src/runpod_flash/core/api/runpod.py | Removes the polling query method get_flash_auth_request_status. |
| src/runpod_flash/cli/commands/login.py | Implements copy/paste API key login flow and removes timeout/polling logic. |
| pyproject.toml | Relaxes requires-python from >=3.10,<3.13 to >=3.10. |

Comment thread src/runpod_flash/cli/commands/login.py
Comment thread src/runpod_flash/core/resources/request_logs.py

@deanq (Member) left a comment

AE-3128 review — login flow security. A few suggestions on the CLI paste UX.

Comment thread src/runpod_flash/cli/commands/login.py