Fix dashboard static assets and add client e2e scripts

docs/gateway-dashboard-design.md

@@ -275,8 +275,9 @@ The implementation path is:
 5. Dashboard pages require that cookie.
 6. Logout clears the cookie.
 
-For local development, allow an explicit `Dashboard:AllowAnonymousLocalhost`
-option. It must default to false.
+For local development, `Dashboard:AllowAnonymousLocalhost` defaults to `true`.
+The bypass applies only to loopback requests; remote dashboard requests still
+use the API-key-backed cookie flow.
 
 `DashboardAuthenticator` keeps API-key validation outside UI components. It
 formats the submitted key as a bearer authorization header for
@@ -296,7 +297,7 @@ Suggested configuration:
       "Enabled": true,
       "PathBase": "/dashboard",
       "RequireAdminScope": true,
-      "AllowAnonymousLocalhost": false,
+      "AllowAnonymousLocalhost": true,
       "SnapshotIntervalMilliseconds": 1000,
       "RecentFaultLimit": 100,
       "RecentSessionLimit": 200,