Two cross-file isolation leaks that a finer shard partition exposes are fixed at
root so every shard passes regardless of execution order:
- test_auth_session_persistence.py: bind api.auth STATE_DIR/_SESSIONS_FILE/
_LOGIN_ATTEMPTS_FILE in setUp + restore in tearDown (was relying on a sibling
reload test to rebind them).
- test_request_diagnostics_cache.py: pin the session-list cache source stamp via
an autouse fixture (matches test_session_sidebar_cache.py) so a leaked state.db
WAL sidecar can't cause a spurious cache-miss.
Verified all shards green under 3-, 4-, and 5-way partitions. CI infra + test
harness only; no application behavior change.