ui: hx-swap none on Run-now + truthful save banner + tailwind rebuild

Add hx-swap="none" to the three Run-now buttons (check/prune/unlock) in
host_repo.html to match the existing pattern on host_sources.html and
host_schedules.html. Fix all-blank admin-credentials save to redirect
without ?saved= query string so no false-positive banner is shown;
strengthen the corresponding test to assert Location has no ?saved=.
Rebuild CSS bundle via Tailwind to pick up max-w-[640px] JIT class.

internal/server/http/ui_repo.go

@@ -490,7 +490,7 @@ func (s *Server) handleUIAdminCredentialsSave(w stdhttp.ResponseWriter, r *stdht
 	// We treat this as harmless — they may have wanted to clear via the
 	// Clear button instead. Only validate if they've started filling fields.
 	if repoURL == "" && repoUser == "" && repoPass == "" {
-		stdhttp.Redirect(w, r, "/hosts/"+host.ID+"/repo?saved=admin_credentials", stdhttp.StatusSeeOther)
+		stdhttp.Redirect(w, r, "/hosts/"+host.ID+"/repo", stdhttp.StatusSeeOther)
 		return
 	}
 

internal/server/http/ui_repo_test.go

@@ -380,7 +380,7 @@ func TestUIAdminCredentialsSaveAllBlankIsNoop(t *testing.T) {
 	cookie := loginAsAdmin(t, st)
 	hostID := makeHost(t, st, "admin-save-blank")
 
-	status, _ := postForm(t, baseURL, "/hosts/"+hostID+"/admin-credentials", url.Values{
+	status, loc := postForm(t, baseURL, "/hosts/"+hostID+"/admin-credentials", url.Values{
 		"repo_url":      {""},
 		"repo_username": {""},
 		"repo_password": {""},
@@ -388,6 +388,10 @@ func TestUIAdminCredentialsSaveAllBlankIsNoop(t *testing.T) {
 	if status != stdhttp.StatusSeeOther {
 		t.Fatalf("blank save: want 303, got %d", status)
 	}
+	// All-blank is a no-op: redirect must not carry ?saved= banner.
+	if strings.Contains(loc, "?saved=") {
+		t.Errorf("blank save: redirect Location %q must not contain ?saved=", loc)
+	}
 
 	// No admin row should have been created.
 	if _, err := st.GetHostCredentials(context.Background(), hostID, store.CredKindAdmin); err == nil {