fix(shell): clear message when SSHing to a node without access

[theFong]

Problem

BRE2-953

When an org member runs brev shell <node> (or brev ssh <node>) on a BYON node they can see in brev ls nodes but have not been granted SSH access, they hit a confusing catch-all error:

➜  ~ brev shell dgx-station
cannot resolve SSH for node "dgx-station" — no access, no port, or no hostname

It's unclear why it fails when the node is right there in the list.

Fix

brev shell <node> resolves the node via FindExternalNode → ListNodes (the same source as brev ls nodes), then calls ResolveExternalNodeSSH. That function returned one error for three unrelated causes. This PR replaces it with classifyNodeSSHFailure, which mirrors ResolveNodeSSHEntry's resolution logic and surfaces the actual cause with a remedy:

1. No access grant (the common case from the issue):

   you don't have SSH access to node "dgx-station".
   Ask an org admin to grant you access, e.g.:
     brev grant-ssh --node dgx-station --user me@example.com
   

2. Access granted but port not allocated yet → "the node may still be connecting — try again shortly, or run brev refresh."
3. Access + port but hostname not ready → same "still connecting" guidance.

This flows through shell, exec, copy, open, and port-forward, which all resolve via ResolveExternalNodeSSH. ResolveNodeSSHEntry (used by refresh for bulk SSH-config generation, where silently skipping inaccessible nodes is correct) is left unchanged.

Tests

• Strengthened TestResolveExternalNodeSSH_NoAccess to assert the message mentions lacking access, suggests brev grant-ssh, and includes the user's email.
• Strengthened TestResolveExternalNodeSSH_EmptyHostname to assert the "granted but not ready" message.
• Added TestResolveExternalNodeSSH_NoPortAllocated.

All affected packages build and pass: util, shell, refresh, copy, open, portforward.