fix: return FT components directly for proper toast injection

POST routes were returning HTMLResponse(content=to_xml(...)) which
bypassed FastHTML's toast middleware. The middleware only injects
toasts for tuple, FT, or FtResponse responses.

Changed 12 routes to return render_page() directly:
- actions.py: 7 routes (cohort, hatch, tag-add, tag-end, attrs, outcome, status-correct)
- eggs.py: 2 routes (product-collected, product-sold)
- feed.py: 2 routes (feed-given, feed-purchased)
- move.py: 1 route (animal-move)

Updated tests to check for toast content in response body instead of
session cookie, since middleware now renders toasts inline.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

tests/test_web_move.py

@@ -198,7 +198,7 @@ class TestMoveAnimalSuccess:
         location_strip2_id,
         ducks_at_strip1,
     ):
-        """Successful move returns session cookie with toast."""
+        """Successful move renders toast in response body."""
         ts_utc = int(time.time() * 1000)
         filter_str = 'location:"Strip 1"'
         filter_ast = parse_filter(filter_str)
@@ -219,16 +219,8 @@ class TestMoveAnimalSuccess:
         )
 
         assert resp.status_code == 200
-        assert "set-cookie" in resp.headers
-        session_cookie = resp.headers["set-cookie"]
-        assert "session_=" in session_cookie
-        # Base64 decode contains toast message
-        import base64
-
-        cookie_value = session_cookie.split("session_=")[1].split(";")[0]
-        base64_data = cookie_value.split(".")[0]
-        decoded = base64.b64decode(base64_data).decode()
-        assert "Moved 5 animals to Strip 2" in decoded
+        # Toast is injected into response body by FastHTML's toast middleware
+        assert "Moved 5 animals to Strip 2" in resp.text
 
     def test_move_success_resets_form(
         self,