CLI crawler fails on auth-protected routes — no way to pass cookies or session headers

## Problem `npx boneyard-js build` spins up Chromium and visits the dev server, but if the app is behind authentication (JWT cookie, session token, OAuth, etc.) the crawler hits the login redirect and snapshots the login page instead of the real component layout — generating useless or empty bones. This makes boneyard-js effectively unusable for any dashboard or internal tool where every route requires auth. ## Reproduction 1. Have a Next.js app with middleware protecting all routes under `/dashboard` 2. Wrap a dashboard component with `` 3. Run `npx boneyard-js build http://localhost:3000/dashboard/stats` 4. CLI visits the URL, middleware redirects to `/login`, bones are generated from the login page DOM instead ## Expected behavior The CLI should provide a way to pass auth context to the Chromium session so it can reach protected pages and snapshot the real component layout. ## Proposed API **Option A — Cookie file (most flexible):** ```bash npx boneyard-js build --cookies ./boneyard-cookies.json ``` Where the JSON is a Playwright/Puppeteer-compatible cookies array: ```json [{ "name": "session", "value": "abc123", "domain": "localhost", "path": "/" }] ``` **Option B — Auth headers:** ```bash npx boneyard-js build --header "Authorization=Bearer " ``` **Option C — boneyard.config.js:** ```js export default { auth: { cookies: [{ name: 'session', value: process.env.SESSION_TOKEN }], headers: { Author...