fix(mosaic): mask password input in TUI login prompt

The TUI login flow used a plain readline.question() for the password
prompt, which echoed characters to the terminal. Replaced with the
existing promptSecret() helper that uses TTY raw mode to suppress
echo — the same function already used by `mosaic gateway login`.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

packages/mosaic/src/cli.ts

@@ -135,15 +135,11 @@ program
 
       // No valid session — prompt for credentials
       if (!session) {
-        const readline = await import('node:readline');
-        const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
-        const ask = (q: string): Promise<string> =>
-          new Promise((resolve) => rl.question(q, resolve));
+        const { promptLine, promptSecret } = await import('./commands/gateway/login.js');
 
         console.log(`Sign in to ${opts.gateway}`);
-        const email = await ask('Email: ');
-        const password = await ask('Password: ');
-        rl.close();
+        const email = await promptLine('Email: ');
+        const password = await promptSecret('Password: ');
 
         try {
           const auth = await signIn(opts.gateway, email, password);