Fix SW scope to intercept page navigations for offline support

The SW was served from /static/sw.js with default scope /static/,
so it only intercepted static asset requests. Page navigations to
/capture, /queue, /browser were not handled by the SW at all —
Safari showed its native offline error.

Fix: serve SW from /sw.js route with Service-Worker-Allowed: / header
and register with scope: /. Now the SW intercepts all navigations and
serves the offline fallback page when the network is unavailable.

Also remove auth-protected page routes from precache (they would cache
the login redirect). Pages are cached via network-first on visit instead.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

app/static/sw.js

@@ -1,9 +1,9 @@
 // NextSnap Service Worker
 // Provides offline-first caching for the app shell
 
-const CACHE_VERSION = 'nextsnap-v21';
-const APP_SHELL_CACHE = 'nextsnap-shell-v17';
-const RUNTIME_CACHE = 'nextsnap-runtime-v17';
+const CACHE_VERSION = 'nextsnap-v22';
+const APP_SHELL_CACHE = 'nextsnap-shell-v18';
+const RUNTIME_CACHE = 'nextsnap-runtime-v18';
 
 // Offline fallback page (served when network fails and no cached version exists)
 const OFFLINE_PAGE = `<!DOCTYPE html>
@@ -26,10 +26,6 @@ button:active{opacity:0.8}
 
 // Assets to cache on install
 const APP_SHELL_ASSETS = [
-    '/',
-    '/capture',
-    '/queue',
-    '/browser',
     '/static/css/style.css',
     '/static/js/app.js',
     '/static/js/auth.js',