Add client-side timeout validation to browser session creation

[Copilot]

do_session_create accepted any integer for timeout despite the documented valid range of 5–1440 minutes, with no client-side enforcement. Out-of-range values were silently passed to the API, and the ValueError handler in skyvern_browser_session_create gave a misleading "Cloud sessions require SKYVERN_API_KEY" hint regardless of the actual error.

Additionally, timeout or 60 silently coerced timeout=0 to 60, bypassing any validation entirely.

Changes

• session_ops.py — Add SESSION_TIMEOUT_MIN = 5 / SESSION_TIMEOUT_MAX = 1440 constants; raise ValueError in do_session_create when timeout is out of range (validation skipped for local sessions, which have no server-enforced timeout)
• mcp_tools/session.py — Fix timeout or 60 → timeout if timeout is not None else 60 so zero/explicit values aren't silently promoted; change ValueError handler error code from SDK_ERROR → INVALID_INPUT with a useful hint covering both timeout range and missing API key cases
• Tests — Add boundary/invalid-timeout coverage in test_cli_shared_core.py (4 tests) and test_mcp_session_lifecycle.py (2 tests)

# Before: silently sent timeout=60 to API, masking the invalid input
await skyvern_browser_session_create(timeout=0)   # became timeout=60
await skyvern_browser_session_create(timeout=9999) # no client error, API rejected it

# After: immediate INVALID_INPUT with descriptive message
await skyvern_browser_session_create(timeout=0)
# → {"ok": False, "error": {"code": "INVALID_INPUT",
#    "message": "Session timeout must be between 5 and 1440 minutes, got 0"}}

Original prompt

#session:

Created from VS Code.