Bugfix: Cloud: be more specific about session error codes (#6051)

InvalidClientTokenError indicates an unrecoverable state for
the session, so we need to be more exact about triggering it. A recent
Clerk outage resulted in a lot of 429 responses which should really cause
inactive-session, not a full clear to logged-out.

packages/cloud/src/auth/WebAuthService.ts

@@ -494,7 +494,7 @@ export class WebAuthService extends EventEmitter<AuthServiceEvents> implements A
 			signal: AbortSignal.timeout(10000),
 		})
 
-		if (response.status >= 400 && response.status < 500) {
+		if (response.status === 401 || response.status === 404) {
 			throw new InvalidClientTokenError()
 		} else if (!response.ok) {
 			throw new Error(`HTTP ${response.status}: ${response.statusText}`)