mobile: drop the masthead logout button

Masthead is now the Fenja wordmark on its own, centred. The logout
handler and the .m-logout CSS are gone; mobile.js header comment
updated to reflect "two behaviours" (session check + join CTA).
Users who need to log out can do so from a desktop session or by
clearing cookies.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

protected/mobile/index.html

@@ -15,9 +15,6 @@
   <a class="m-logo" href="/" aria-label="Back to entrance">
     <img src="/fenja/fenja-wordmark-black.svg" alt="Fenja" />
   </a>
-  <button type="button" class="m-logout" id="m-logout" aria-label="Log out">
-    Log out
-  </button>
 </header>
 
 <main class="m-main">

protected/mobile/mobile.css

@@ -47,7 +47,7 @@ html, body {
   top: 0;
   z-index: 10;
   display: flex;
-  justify-content: space-between;
+  justify-content: center;
   align-items: center;
   padding: 14px 18px;
   background: var(--paper);
@@ -55,18 +55,6 @@ html, body {
 }
 .m-logo { display: inline-block; line-height: 0; }
 .m-logo img { height: 22px; width: auto; display: block; }
-.m-logout {
-  all: unset;
-  font-family: "Manrope", system-ui, -apple-system, sans-serif;
-  font-size: 12px;
-  font-weight: 500;
-  letter-spacing: 0.08em;
-  text-transform: uppercase;
-  color: var(--ink-soft);
-  padding: 6px 10px;
-  cursor: pointer;
-}
-.m-logout:active { color: var(--ink); }
 
 /* ─── Main layout ────────────────────────────────────────── */
 .m-main {

protected/mobile/mobile.js

@@ -1,7 +1,7 @@
 // ─────────────────────────────────────────────────────────────
 // protected/mobile/mobile.js — minimal client for the mobile view.
 //
-// Three behaviours, nothing else:
+// Two behaviours, nothing else:
 //   1. Confirm the session is still valid on page load. If the
 //      session expired since the server rendered the HTML, bounce
 //      to "/" so the user doesn't read gated content without a
@@ -9,7 +9,10 @@
 //      page request itself).
 //   2. POST /api/bifrost-join on CTA click; swap CTA panel →
 //      confirmation panel on success.
-//   3. POST /auth/logout on log-out button; navigate to "/".
+//
+// There is no logout button on the mobile view; the masthead is
+// logo-only by design. Users who want to log out can do so from a
+// desktop session, or by clearing cookies.
 //
 // No GSAP, no Lenis, no d3. No sharing of globals with the desktop
 // timeline/bifrost scripts — this file is only loaded by
@@ -65,20 +68,3 @@ if (joinBtn && joinCta && joinConfirm) {
   });
 }
 
-const logoutBtn = document.getElementById('m-logout');
-if (logoutBtn) {
-  logoutBtn.addEventListener('click', async () => {
-    try {
-      await fetch('/auth/logout', {
-        method: 'POST',
-        credentials: 'same-origin',
-      });
-    } catch {
-      // If logout POST fails, still navigate home — the user's
-      // intent is "leave". The server-side session will still be
-      // valid until it expires, but the cookie on this device
-      // will be cleared by the navigation away.
-    }
-    window.location.href = '/';
-  });
-}