NPM proxy host + Let's Encrypt cert for speech.du5t.xyz are live, so
flip the session cookie to https_only=True (the redirect_uri and
Authentik provider config changes live outside this repo, in
/srv/asr/env/asr.env and the Authentik provider record).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>