Export filename change:
- Drop the redundant `codex-` prefix; embed the account email so multiple
exported files can coexist in the same downloads folder.
- Email is extracted from the id_token JWT `email` claim, with fallback
to connection.email and finally to the sanitized connection label.
- sanitizeFileNamePart now preserves @ so addresses survive intact
(e.g. `auth-diego@example.com.json`).
Apply Local refinement:
- ApplyCodexAuthModal: confirmation modal showing the resolved target
path, the side-by-side .bak location, and the centralized backup
trail. User must tick a confirmation checkbox before Apply enables.
- writeCodexAuthFileToLocalCli now writes a side-by-side
`auth-<timestamp>.bak` inside the .codex/ directory before replacing
the live file, in addition to the existing centralized backup. Both
inputs to the .bak path are server-controlled (dirname from the
static CLI_TOOLS table; basename from a server-generated ISO
timestamp), so no user input touches path APIs.
- apply-local route now emits a `provider.credentials.applied` audit
event with the resolved authPath and savedBakPath, and routes all
errors through sanitizeErrorMessage() per the security guide.
Tests: tests/unit/codexAuthFile.test.ts covers sanitization, JWT email
extraction, filename format for both branches (email/label), and the
ISO-timestamp .bak basename safety.
Scope: this is PR1 of the import/export work tracked under
_tasks/features-v3.8.0/importexport/. PR2 (import single) and PR3
(import bulk) will follow.
