Mobile secure session storage (SecureStore) + 401 refresh-retry + recorder-lifecycle fixes

Session in iOS Keychain / Android Keystore via chunked expo-secure-store adapter (was plaintext AsyncStorage). 401 refresh-and-retry. Code-review fixes: recorder cleanup on unmount (camera/mic leak), mounted guards, account-bleed clear, mux URL guard.