refactor(auth): login action imports extractFaSessionId from \$lib/shared/cookies

Drop the inline parser; reuse the now-shared helper. Pure rewire, no behaviour
change. Addresses PR #612 / Felix F2.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

frontend/src/routes/login/+page.server.ts

@@ -1,5 +1,6 @@
 import { fail, redirect, type Actions } from '@sveltejs/kit';
 import { env } from '$env/dynamic/private';
+import { extractFaSessionId } from '$lib/shared/cookies';
 import { getErrorMessage, type ErrorCode } from '$lib/shared/errors';
 import type { PageServerLoad } from './$types';
 
@@ -10,20 +11,6 @@ export const load: PageServerLoad = ({ url }) => {
 	};
 };
 
-/**
- * Extracts the fa_session cookie value from a Set-Cookie response header.
- * The backend may emit attributes like `Path`, `HttpOnly`, `SameSite=Strict`, `Max-Age`, `Secure`;
- * we only forward the opaque session id — the SvelteKit cookies API will rewrite
- * the attributes itself.
- */
-function extractFaSessionId(setCookieHeaders: string[]): string | null {
-	for (const header of setCookieHeaders) {
-		const match = header.match(/^fa_session=([^;]+)/);
-		if (match) return match[1];
-	}
-	return null;
-}
-
 export const actions = {
 	login: async ({ request, cookies, fetch, url }) => {
 		const data = await request.formData();