mxaccesscli: catch ArgumentException from AuthenticateUser as auth-failed

Under eOSUserBased galaxy security mode the LMXProxyServer raises
ArgumentException("Value does not fall within the expected range")
for bad credentials instead of silently returning 0 like permissive
(eNone) galaxies do. Both shapes mean "auth failed"; MxSession.Authenticate
now normalizes them into a 0 return so WriteCommand reports a clean
"authentication-failed" envelope and exits 1 — instead of crashing
with a stack trace.

Verified live against the ZB galaxy in eOSUserBased mode:
  bad password  -> ok=false, error="authentication-failed", exit 1
  good password -> ok=true,  auth_user_id=1, exit 0

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

mxaccesscli/src/MxAccess.Cli/Mx/MxSession.cs

@@ -58,7 +58,19 @@ namespace MxAccess.Cli.Mx
         {
             if (string.IsNullOrEmpty(verifyUser))
                 throw new ArgumentException("verifyUser must be non-empty.", nameof(verifyUser));
-            return _proxy.AuthenticateUser(_hServer, verifyUser, password ?? string.Empty);
+            // Some galaxy configurations (e.g. eOSUserBased) cause the proxy to
+            // throw `ArgumentException: Value does not fall within the expected
+            // range` for bad credentials instead of returning 0 like the
+            // permissive (eNone) configuration does. Both shapes mean "auth
+            // failed"; the caller distinguishes via a non-zero return value.
+            try
+            {
+                return _proxy.AuthenticateUser(_hServer, verifyUser, password ?? string.Empty);
+            }
+            catch (ArgumentException)
+            {
+                return 0;
+            }
         }
 
         /// Pump COM messages while watching for an update that matches the predicate.