🐛 fix(auth): prevent repeated /api/user/self calls and ensure sign‑out redirect

- Call `auth.fetchSelf()` inside a one-time `useEffect` in `web/src/routes/_authenticated/route.tsx`
  to avoid re-render triggered loops that spam `/api/user/self`.
- Make the sign-out flow await `auth.logout()`, close the dialog, then navigate to `/sign-in`
  with the current location as `redirect` in `web/src/components/sign-out-dialog.tsx`,
  guaranteeing the guard and redirect work reliably.
- No changes to old Semi UI archive; no linter errors introduced.

Test plan:
- Click “Sign out”: only one `/api/user/logout` request, no repeated `/api/user/self`,
  then redirected to `/sign-in?redirect=<previous_url>`.
- Refresh authenticated pages: at most one `/api/user/self` fetch occurs.

web/src/components/sign-out-dialog.tsx

@@ -12,9 +12,9 @@ export function SignOutDialog({ open, onOpenChange }: SignOutDialogProps) {
   const location = useLocation()
   const { auth } = useAuthStore()
 
-  const handleSignOut = () => {
-    auth.logout()
-    // Preserve current location for redirect after sign-in
+  const handleSignOut = async () => {
+    await auth.logout()
+    onOpenChange(false)
     const currentPath = location.href
     navigate({
       to: '/sign-in',

web/src/routes/_authenticated/route.tsx

@@ -1,3 +1,4 @@
+import { useEffect } from 'react'
 import { createFileRoute, redirect } from '@tanstack/react-router'
 import { useAuthStore } from '@/stores/auth-store'
 import { getStoredUser } from '@/lib/auth'
@@ -11,9 +12,10 @@ export const Route = createFileRoute('/_authenticated')({
     }
   },
   component: () => {
-    // 进入后尝试刷新一次会话信息（静默失败）
     const { auth } = useAuthStore()
-    auth.fetchSelf().catch(() => {})
+    useEffect(() => {
+      auth.fetchSelf().catch(() => {})
+    }, [])
     return <AuthenticatedLayout />
   },
 })