Fix review feedback: tests, auth token normalization, font CSP, i18n corrections

[Copilot]

Addresses second-round review comments on PR #1080 and fixes 5 failing Vitest tests caused by the Bearer-prefix removal in the MCP auth token logic.

Auth token normalization

• getDefaultAuthToken() now strips ****** prefix from MCP_AUTH_TOKEN` env var, consistent with how config-file sources are handled
• Updated 5 test expectations to match raw API key behavior (no `****** prefix)

// Before: returned env var verbatim, inconsistent with config-file path
if (process.env['MCP_AUTH_TOKEN']) return process.env['MCP_AUTH_TOKEN'];

// After: normalize all sources the same way
if (process.env['MCP_AUTH_TOKEN']) return process.env['MCP_AUTH_TOKEN'].replace(/^Bearer\s+/i, '');

HTML fixes (EN + SV deep-inspection articles)

• Font CSP: Replaced media="print" onload="this.media='all'" with plain rel="stylesheet" — inline onload handlers are blocked by the page's hash-based CSP
• Singular form: "1 parliamentary documents" → "1 parliamentary document" across 7 occurrences (og:description, twitter:description, lede, body, dashboard, SWOT, mindmap)
• SWOT text: Fixed ASCII-lowercased title presstraff om forslag... → Pressträff om förslag om betald polisutbildning in both language variants

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.