Phase A of #161: ships the smoke script and README before the
maximus-api prices-proxy endpoint is live in prod. The script will
fail on case 1 (HTTP 404) until /v1/prices is implemented and
deployed — that is expected; running it is gated to Phase B (after
prices-proxy ships, before cutting v0.9.0).
Script covers 4 cases:
1. Stock happy path (AAPL) — HTTP 200, .price > 0
2. Crypto happy path (BTC) — HTTP 200, .price > 0
3. Invalid symbol — HTTP 404, error.code=symbol_not_found
4. Missing auth — HTTP 401, error.code=missing_token
`set -euo pipefail`, exits non-zero on first failure. Reads token
from MAXIMUS_API_TEST_TOKEN env var (never committed). README
documents env vars and the two paths for obtaining a premium test
token (admin endpoint TODO in maximus-api, manual JWT signing as
current workaround).
CSP whitelist for https://api.lacompagniemaximus.com is already in
place in src-tauri/tauri.conf.json — verified, no change needed.
No application code touched; npm test (492) and cargo test --lib
(69) remain green.
Phase A only (#161)
