fix(auth): prevent ended mongoose session use in pre-login code cleanup

[stakeswky]

Summary

• fix authCode delayed cleanup to avoid reusing a transaction-bound document/session after mongoSessionRun has ended
• store the auth record _id and run cleanup via MongoUserAuth.deleteOne({ _id }) in the timeout callback
• this removes the Cannot set a document's session to a session that has ended runtime error seen in /api/support/user/account/preLogin flow

Root cause

result is loaded inside mongoSessionRun with an active mongoose session.
A delayed setTimeout later called result.deleteOne({ session }) after the transaction finished and session was ended, which triggers mongoose session-ended error.

Validation

• code path inspection confirms delayed deletion no longer depends on ended session/document-bound session

Fixes #6476

[cla-assistant]

All committers have signed the CLA.

[cla-assistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

---

User seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[github-actions]

Preview sandbox Image:

registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-pr:fatsgpt_sandbox_d9e7733b825592a8a5d4c9c024ff08229b04d436

[github-actions]

Preview mcp_server Image:

registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-pr:fatsgpt_mcp_server_d9e7733b825592a8a5d4c9c024ff08229b04d436

[github-actions]

Preview fastgpt Image:

registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-pr:fatsgpt_d9e7733b825592a8a5d4c9c024ff08229b04d436

[stakeswky]

CLA fixed ✅ Updated the PR commit metadata to use stakeswky@gmail.com and force-pushed. Please re-run CLA check.