fix(backups,files): auto-backups rejected by validator; trip file download broken after cookie migration

Fixes #773: isValidBackupFilename regex anchored to ^backup- rejected all
auto-backup-* filenames, causing 400 on download/restore/delete. Broadened
to ^(?:auto-)?backup-.

Fixes #774: three regressions in the trip Files tab —
- openFile import shadowed by a local function of the same name inside
  FileManager; PDF preview modal was calling the local with a URL string,
  corrupting state and crashing on the second click (mime_type read on
  undefined). Fixed by aliasing the import as openFileUrl.
- GET /:id/download used a bespoke authenticateDownload that checked only
  Bearer header and ?token= query param, ignoring the trek_session cookie.
  After the JWT-to-cookie migration the client sends cookies only, so every
  download silently 401-ed. Extended authenticateDownload to accept req and
  check cookie → Bearer → query token in priority order.
- files.download and files.openError translation keys were missing from all
  15 locale files; t() was returning the raw key as a truthy string,
  defeating the || 'Download' fallback.

server/tests/unit/services/backupService.test.ts

@@ -234,6 +234,22 @@ describe('BACKUP-034 isValidBackupFilename', () => {
   it('accepts filename with hyphens and underscores', () => {
     expect(isValidBackupFilename('backup-my_trek-2026.zip')).toBe(true);
   });
+
+  it('accepts auto-backup filename', () => {
+    expect(isValidBackupFilename('auto-backup-2026-04-21T00-00-00.zip')).toBe(true);
+  });
+
+  it('rejects auto-backup with empty body', () => {
+    expect(isValidBackupFilename('auto-backup-.zip')).toBe(false);
+  });
+
+  it('rejects backup with empty body', () => {
+    expect(isValidBackupFilename('backup-.zip')).toBe(false);
+  });
+
+  it('rejects arbitrary auto- prefix that is not auto-backup', () => {
+    expect(isValidBackupFilename('auto-notbackup-2026.zip')).toBe(false);
+  });
 });
 
 // ---------------------------------------------------------------------------