
fix: correct HTTP headers for LeetCode API authentication #1018

Open
MD-Mushfiqur123 wants to merge 1 commit into LeetCode-OpenSource:master from MD-Mushfiqur123:master

@MD-Mushfiqur123

Problem

The login flow fails for many users (issue #478) because the HTTP request headers sent to LeetCode's GraphQL API are incorrect:

  1. Invalid referer: Set to `vscode-lc-extension` instead of a valid URL like `https://leetcode.com`
  2. Missing Origin header: LeetCode's CORS policy requires an `Origin` header matching the base URL
  3. Missing User-Agent: Cloudflare's bot detection blocks requests without a browser-like User-Agent
  4. CSRF token not sent: The `xsrfCookieName/xsrfHeaderName` axios config only works in browser contexts where cookies are automatically managed. For server-side requests, the csrftoken must be extracted from the cookie string and sent as the `X-CSRFToken` header manually

Fix

  • Set `Origin` and `Referer` headers to the correct base URL (`https://leetcode.com` or `https://leetcode.cn`)
  • Add a browser-like `User-Agent` header to pass Cloudflare checks
  • Extract `csrftoken` from the cookie and send it as `X-CSRFToken` header
  • Add `X-Requested-With: XMLHttpRequest` header matching the CLI plugin's behavior
  • Remove `xsrfCookieName/xsrfHeaderName` which are ineffective for server-side requests

Testing


  • `npm run lint` passes with no errors
  • `npm run compile` succeeds (with `skipLibCheck` for pre-existing type issue in @types/markdown-it)

Fixes #478

The login flow was failing because the HTTP request headers sent to
LeetCode's GraphQL API were incorrect:

- 'referer' was set to 'vscode-lc-extension' instead of a valid URL
- Missing 'Origin' header required by LeetCode's CORS policy
- Missing 'User-Agent' header causing Cloudflare to block requests
- CSRF token was not being extracted from cookie and sent as X-CSRFToken
- Removed xsrfCookieName/xsrfHeaderName which only work in browser context

Fixes LeetCode-OpenSource#478
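
The header handling listed in the description, as an added TypeScript example that is not code from this pull request or from the extension: it extracts `csrftoken` from a cookie string and builds the headers for a server-side request. The function names, the base-URL allowlist check, the control-character check and the placeholder User-Agent are assumptions of this example.

```typescript
// Added example. Helper names are hypothetical; the header names and the two
// base URLs are the ones listed in the PR description.
const ALLOWED_BASE_URLS = ["https://leetcode.com", "https://leetcode.cn"];
// Placeholder: the PR text does not say which User-Agent string it sends.
const PLACEHOLDER_USER_AGENT = "Mozilla/5.0 (placeholder)";

// Split a raw Cookie string ("a=1; b=2") into name/value pairs; first wins.
function parseCookieString(cookie: string): { [name: string]: string } {
  const jar: { [name: string]: string } = Object.create(null);
  for (const part of cookie.split(";")) {
    const eq = part.indexOf("=");
    if (eq <= 0) continue; // skip empty segments and nameless values
    const name = part.slice(0, eq).trim();
    if (name && !(name in jar)) jar[name] = part.slice(eq + 1).trim();
  }
  return jar;
}

function buildRequestHeaders(baseUrl: string, cookie: string): { [h: string]: string } {
  // Only ever send the session cookie and CSRF token to a known endpoint.
  if (ALLOWED_BASE_URLS.indexOf(baseUrl) === -1) {
    throw new Error("unexpected base URL: " + baseUrl);
  }
  // Control characters (CR/LF included) in a header value allow header injection.
  if (/[\x00-\x1f\x7f]/.test(cookie)) {
    throw new Error("cookie contains control characters");
  }
  const token = parseCookieString(cookie)["csrftoken"];
  // Fail closed instead of sending an empty X-CSRFToken header.
  if (!token) throw new Error("csrftoken not found in cookie");
  return {
    Origin: baseUrl,
    Referer: baseUrl,
    "User-Agent": PLACEHOLDER_USER_AGENT,
    Cookie: cookie,
    "X-CSRFToken": token,
    "X-Requested-With": "XMLHttpRequest",
  };
}

// Constructed sample cookie, not a real session.
const SAMPLE_COOKIE = "sessionid=constructed-session; csrftoken=constructedToken123";
console.log(buildRequestHeaders("https://leetcode.com", SAMPLE_COOKIE));
```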

Development

Successfully merging this pull request may close these issues.

Failed to log in with a leetcode.com account
