[feature] Epic: Add Trusted Clients UI session start

[marwannettour]

Summary

Add a Trusted Clients UI workflow to create an automatic session with one or more already trusted clients.

The user should be able to open the Trusted Clients view, select trusted clients, and start a session without copying a session ID or password.

Context

The product value is strongest when automatic sessions are available from the place where users already manage trusted clients. This also makes the trust boundary visible: users are choosing from known devices, not typing arbitrary remote identities.

Proposed scope

• Add multi-selection or equivalent session targeting in the Trusted Clients view.
• Add a clear action to start a session with selected trusted clients.
• Display eligibility status for each trusted client.
• Explain blocked states through concise UI messages, for example missing grant, revoked grant, key changed, offline, or incompatible version.
• Show progress while the session is created and clients are invited.
• Navigate to the created session when ready.
• Provide a path to create, inspect, or revoke automatic-join grants if needed by the MVP.

Out of scope

• Replacing the existing manual session creation and join screens.
• Designing enterprise enrollment workflows.
• Adding a new landing page or marketing surface.

Acceptance criteria

• The Trusted Clients view can start an automatic session with selected eligible clients.
• The UI prevents or blocks selecting ineligible clients for automatic session creation.
• The UI shows meaningful progress and terminal states.
• The UI handles partial failure without silently creating an unsafe or confusing session.
• The workflow is accessible from existing Trusted Clients navigation.
• View model tests cover selection, eligibility, command state, success, and failure states.

Dependencies

• Requires the automatic session domain flow.
• Requires trusted-device grants or an agreed MVP grant policy.
• Requires signed challenge-response for automatic joins.