fix: SMS MFA masked number and launch button idle spinner

[JamieRuderman]

Summary

Two small fixes in the auth + connection UI.

1. SMS 2FA prompt rendering {{number}} literally

The verification message at MFACode.tsx:109 called t() without passing the number interpolation variable, so i18next left the placeholder text untouched. Now pulls the masked destination from Cognito's challengeParam.CODE_DELIVERY_DESTINATION, extracts the last 4 digits, and renders it as (ending in 1234). Falls back cleanly when the destination is missing — no double space, no dangling parens.

• frontend/src/cognito/types.d.ts — widened challengeParam to expose the optional CODE_DELIVERY_DESTINATION.
• frontend/src/cognito/components/MFACode/MFACode.tsx — added a formatMaskedDestination helper and passed its result as the number variable.
• frontend/src/cognito/locales/en/translations.json — tightened placeholder positioning so the helper-supplied leading space (or empty string) reads correctly either way.

2. Launch button stuck in loading state for idle on-demand connections

PR #1102 changed ready to require connection.connected, so the auto-launch effect wouldn't fire until the tunnel was live. But ready is also the input to the loading flag — meaning idle/on-demand services (ready: true, connected: false) now permanently rendered the spinner.

Split the two concerns: ready keeps its old meaning (gates the loading spinner / click-enable), and a new connected predicate gates only the auto-launch useEffect. connectLink services continue to be treated as both ready and connected.

• frontend/src/buttons/LaunchButton/LaunchButton.tsx

Test plan

• Trigger an SMS 2FA challenge and confirm the prompt reads …mobile device (ending in 1234). This code…
• Simulate a missing CODE_DELIVERY_DESTINATION and confirm the prompt reads …mobile device. This code… with no double space
• Open a service with an idle on-demand connection and confirm the launch button shows the launch icon (not the spinner) and is clickable
• Click the launch button on an idle on-demand service and confirm it kicks off the connection
• Confirm auto-launch still waits for connected before opening the browser (PR fix(launch): wait for connected state before auto-launching browser #1102 behavior preserved)

[aws-amplify-us-west-1]

This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-1108.d20k671nqqv4kl.amplifyapp.com