Track processed candidates in session and use OAuth for API calls

- Record skips, saves, and no-match results in session["skipped"] so
  revisiting an article resumes past already-checked candidates
- Filter self-links (case-insensitive first letter) from hit list
- Use OAuth session for all API reads when logged in for higher rate limits
- Add "for" template to exclusion list to avoid bad edits
- Improve API error handling with HTTP status codes logged to stderr

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

add_links/match.py

@@ -78,7 +78,7 @@ re_cite = re.compile(
     re.I | re.S,
 )
 
-re_cite_template_start = re.compile(r"\{\{(?:cite|citation|short description|gli|defn|annotated link|excerpt|main|see)\b", re.I)
+re_cite_template_start = re.compile(r"\{\{(?:cite|citation|short description|gli|defn|annotated link|excerpt|main|see|for)\b", re.I)
 re_no_param_template = re.compile(r"\{\{[^|{}]+\}\}")
 re_external_link = re.compile(r"\[https?://[^\]]+\]")
 # Italic text (work titles in bibliographies). Handles apostrophes in content