Fix Kobo sync in fully-local mode (no Kobo account) on modern firmware

[thijsdezoete]

Summary

On a fully-local setup (Kobo Store proxying off, no real Kobo account), Kobo
sync silently fails on current firmware (reproduced on 4.45.23684). The web
UI works and curl-ing the sync endpoints directly returns 200, but pressing
Sync on the device reports "Sync failed" and no books/collections appear.

Two independent causes, both only triggered once the device's 1-hour access
token expires (so it can look like it "just stopped working" without any config
change):

1. OAuth token refresh can't discover the token endpoint

When proxying is off, CWA points oauth_host at itself but HandleOauthRequest
returns a dummy token for every /oauth/* path — including
/oauth/.well-known/openid-configuration. Modern firmware does OIDC discovery
there before refreshing an expired token; with no token_endpoint it logs:

oauth.debug  access token expired -- refreshing now
OAuthDiscoveryCommand::execute()
requestNewToken(...) requesting a new token from ""      <- empty
QDebugSyncErrorFilter::applyFilter "WebRequestErr"
QueuedSyncCommand::cancel() ... SyncLibraryCommand        <- whole queue cancelled

So /v1/library/sync is never even called. (This is why direct curl works —
it carries the path token and skips the OAuth gate the device runs first.)

Fix: serve a minimal OIDC discovery document whose token_endpoint points at
the /oauth/token route CWA already implements.

2. Cloud reading-services 401 aborts the whole sync

With local OAuth, the device authenticates its direct calls to Kobo's cloud
reading-services with CWA's dummy token and gets 401s:

"https://<host>/api/UserStorage/Metadata" => "Host requires authentication" (401)
QueuedSyncCommand::cancel() ... SyncNotebookCommand
applyFilter "WebRequestErr"  -> finished sync client    (Sync failed)

Kobo sync is transactional, so this aborts the batch and even shelves never
commit. Note the device treats reading_services_host as scheme+host only —
it strips the path and calls /api/... at the site root.

Fix: point reading_services_host at CWA and add a before_app_request hook
returning benign empty responses for the reading-services paths
(/api/v3/content/checkforchanges, /api/v3/content/<uuid>/annotations,
/api/UserStorage/*, /api/internal/notebooks). Gated to non-Hardcover setups.

Result

Device log after the fixes: SyncLibraryCommand finished → finished sync client
with no WebRequestErr; the device reports "Sync complete" and books +
collections sync.

Notes / out of scope

• Reproduced on CWA v4.0.6; main has the same code paths.
• Verified end-to-end against a real Kobo (Clara HD, fw 4.45.23684).
• Separately, failed syncs still record books in kobo_synced_books (via
  add_synced_books during response generation) even though the device discards
  the aborted batch, so they're permanently excluded from NewEntitlement. Once
  sync succeeds this no longer accumulates; existing stale rows need a one-time
  kobo_synced_books clear (force full re-sync). Could be hardened separately by
  only recording synced books on a committed sync.