Smoke-test Windows submission flow and document the results

[willsarg]

We should validate the full connected submission flow on a real Windows machine and capture any platform-specific behavior in the docs.

What to verify:

• proov auth writes credentials to the expected Windows config path
• saved credentials work with --submit against Vettd
• the user-visible path and permission / ACL story is documented accurately
• the post-scan submission flow behaves correctly in a normal Windows terminal

Documentation follow-up:

• confirm the exact Windows config path in practice
• document whether explicit ACL hardening is needed beyond the default per-user profile ACLs
• add any Windows-specific troubleshooting notes if the smoke test surfaces them

[JTP75]

Verifications

• ✅ proov auth --key <key> writes endpoint and api key to ~/AppData/Roaming/ahscan/config.json (contract and version info are written to ~.ahscan/contract/)
• ✅ saved credentials work with --submit
• ✅ location and access are correct in README.md (user-profile access, stored in AppData)
• ⚠️ double keyboard inputs. see Windows release 0.6.9: doubled keyboard inputs in TUI #27

Documentation follow-up

• ✅ path is accurate
• 🔍 i don't believe further ACL hardening is necessary. all access is restricted to SYSTEM, Administrators, and Owner (User). audit done with icacls; file restricted to (I)(F) for SYSTEM, Administrators, and Owner. directory uses oi/ci inheritance to maintain secure posture for all new files. no explicit hardening required.
• ⚠️ see Windows release 0.6.9: doubled keyboard inputs in TUI #27