Replicates quinn.www's AdminDevView pattern for the VIP app:
- VipAdminView at /admin lists VIP clients and offers Open as for each fan with
a live token. Reaching /admin means an authenticated session (the nginx edge
gates it to SSO, wired next).
- Open as calls the admin impersonate endpoint, then seeds the same session
storage a real login would (vip_auth_ok + content key) plus an impersonation
marker, and navigates to the fan's portal — which then skips the password
screen (appState goes straight to unlocked).
- VipPortalPage shows a persistent ImpersonationBanner with a one-tap Exit that
clears the session and returns to the roster.
contentKey from the endpoint is base64url, matching the verify contract, so the
fan's encrypted content decrypts under impersonation.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
236f0638d0