Make the NIP-55 signer callback robust against Amber URL rewriting

Amber drops the query string when it rebuilds the callback URL and
appends the signed event directly to the path. The mobile login page now
hands out path-based callback URLs (/auth/mobile/signed/{k1}/) so the
event arrives as the remainder of the path.

The new callback runs in the web middleware group: the signer opens it
in the system browser, which shares cookies with the in-app browser
session, so the flow completes immediately — a bridge page issues the
token and fires the einundzwanzig:// deep link. The LoginKey row is
still written as a fallback for the polling login page.

resources/views/livewire/auth/mobile-login.blade.php

@@ -79,8 +79,10 @@ class extends Component {
 
         $this->lnurl = lnurl\encodeUrl($url);
 
-        // NIP-55 signers append the signed event JSON directly after "event=".
-        $this->signerCallbackUrl = url('/api/nostr-login-callback').'?k1='.$this->k1.'&event=';
+        // NIP-55 signers append the signed event JSON to the callback URL.
+        // Amber strips query strings when rebuilding the URL, so the k1
+        // travels in the path and the event lands after the trailing slash.
+        $this->signerCallbackUrl = url('/auth/mobile/signed').'/'.$this->k1.'/';
 
         $image = 'public/img/domains/'.session('lang_country', 'de-DE').'.jpg';
         if (! file_exists(base_path($image))) {