[audit] Avoid marking live browser sessions as stale during startup cleanup

[bnema]

Summary

Startup cleanup currently marks every active browser session except the current one as ended without first proving that the session is actually dead.

Why this matters

Dumber is intentionally non-unique and can spawn additional browser processes for restore/relaunch flows. With the current cleanup behavior, legitimate concurrent browser sessions can be misclassified as stale and marked ended in the database.

Evidence

• internal/bootstrap/session.go:215-240 checks only a single global PID file for crash detection.
• internal/bootstrap/session.go:323-337 marks every active browser session except the current one as ended.
• internal/infrastructure/desktop/adapter.go:567-585 spawns new dumber browse processes for session restoration.
• internal/ui/app.go:56-58 uses gio.GApplicationNonUniqueValue.

Suggested scope

• Replace the blanket "end every other active browser session" logic with per-session liveness verification.
• Tie liveness to session-owned process/runtime state instead of a single global PID file.
• Preserve legitimate concurrent browser sessions and restore-spawned sessions.
• Add regression coverage for multiple live browser processes.

Acceptance criteria

• Live concurrent browser sessions are not marked ended during startup cleanup.
• Only sessions proven dead are transitioned to ended/crashed state.
• Regression tests cover at least one multi-process or simulated multi-session scenario.

Audit context

• Audit date: 2026-06-10
• Audited at commit: 5eba8fd5