feat(advancedmd): MS sign-in CDP driver + RFC6238 TOTP generator

Reusable, secret-free helpers for the AGENT account MFA path.

- scripts/totp_gen.py: RFC 6238 TOTP (HMAC-SHA1, 30s, 6 digits). Reads the
  base32 secret at runtime from the 0600 creds env (AGENT_MS_TOTP_SECRET);
  never hardcodes or prints the secret. Replaces the missing `oathtool` on
  the VM so MS authenticator-app codes can be generated from the CLI.
- scripts/ms_login_driver.py: CDP driver (on top of amd_browser.py) for the
  Microsoft Entra sign-in + aka.ms/mysecurityinfo flow: newtab/inspect/type/
  click/clicktext/clickmouse/enumbtns/shot/eval. Used to sign in with a
  Temporary Access Pass, enroll our own authenticator-app (TOTP) method, and
  verify OWA mailbox access. No credentials are stored; all sensitive values
  are passed as CLI args at call time.

No secrets, screenshots, or PHI committed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>