Fix SSO clients page template wrapper

Page templates must define a named block that invokes {{template "base"}}
(e.g. {{define "sso_clients"}}{{template "base" .}}{{end}}). Without this,
ExecuteTemplate cannot find the named template and returns an error.

Also add logging to the SSO clients handler for easier diagnosis.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

internal/ui/handlers_sso_clients.go

@@ -12,12 +12,14 @@ import (
 func (u *UIServer) handleSSOClientsPage(w http.ResponseWriter, r *http.Request) {
 	csrfToken, err := u.setCSRFCookies(w)
 	if err != nil {
+		u.logger.Error("sso-clients: set CSRF cookies", "error", err)
 		http.Error(w, "internal error", http.StatusInternalServerError)
 		return
 	}
 
 	clients, err := u.db.ListSSOClients()
 	if err != nil {
+		u.logger.Error("sso-clients: list clients", "error", err)
 		u.renderError(w, r, http.StatusInternalServerError, "failed to load SSO clients")
 		return
 	}

web/templates/sso_clients.html

@@ -1,3 +1,4 @@
+{{define "sso_clients"}}{{template "base" .}}{{end}}
 {{define "title"}} - SSO Clients{{end}}
 {{define "content"}}
 <div class="page-header d-flex justify-between align-center">