Phase 4 Stage 7: end-of-session 2-step confirm + thank-you screen

Customer-driven session end flow:
- AppBar 'akhiri' action on chat_screen (visible when connected and
  not already closing).
- Tap fires confirm_end_step1 HaloPopup. lanjut akhiri -> step2;
  gak jadi balik -> dismiss, stay in chat.
- confirm_end_step2 HaloPopup. tulis pesan penutup -> closing_message_sheet
  HaloBottomSheet (textarea + kirim & akhiri / lewat — langsung akhiri).
  lewati saja closes immediately.
- Both close paths POST /api/client/session/:sessionId/end via
  session_closure_notifier.closeSession() and route to /chat/thank-you.
- 409 from the close endpoint surfaces a ClosureRejectedByMitraData
  state and a stub HaloPopup with TODO(stage8) for the BestieOfflinePopup
  returning variant.

Removed the legacy _showSessionExpiredDialog modal — Stage 6's
ChatExpiredBanner is the replacement notification.

Inline _buildGoodbyeView retained with a TODO for the mitra-side early
end flow (still reaches it).

endSessionTwoStepConfirmProvider hardcoded to true with a TODO — the
Stage 1.5 app_config row exists but no client-readable config endpoint
exists yet. Flip the provider to a FutureProvider once the read endpoint
ships.

Maestro 07_end_session_2step.yaml chains after the chat-happy flow
and asserts the Indonesian copy at each step.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

client_app/lib/core/chat/session_closure_notifier.dart

@@ -30,6 +30,13 @@ class ClosureCompleteData extends SessionClosureData {
   const ClosureCompleteData();
 }
 
+/// Stage 7 — emitted when the close-session API returns 409 (mitra-rejects-
+/// close path). The chat screen surfaces a "bestie offline / returning"
+/// fallback popup; Stage 8 will own the proper variant.
+class ClosureRejectedByMitraData extends SessionClosureData {
+  const ClosureRejectedByMitraData();
+}
+
 class ClosureErrorData extends SessionClosureData {
   final String message;
   const ClosureErrorData(this.message);
@@ -111,4 +118,37 @@ class SessionClosure extends _$SessionClosure {
       state = const ClosureErrorData('Gagal mengirim pesan penutup.');
     }
   }
+
+  /// Stage 7 — customer-initiated close. Calls
+  /// `POST /api/client/session/:sessionId/end`. On success, emits
+  /// `ClosureCompleteData` and refreshes the active-session snapshot so the
+  /// home CTA flips back to "Mulai Curhat" without waiting for the next poll.
+  /// On 409, emits `ClosureRejectedByMitraData` so the chat screen can show
+  /// the bestie-returning fallback popup. Other errors fall back to
+  /// `ClosureErrorData`.
+  Future<void> closeSession(String sessionId) async {
+    try {
+      await ref.read(apiClientProvider).post(
+        '/api/client/session/$sessionId/end',
+        data: const <String, dynamic>{},
+      );
+      state = const ClosureCompleteData();
+      ref.invalidate(activeSessionProvider);
+    } on DioException catch (e) {
+      if (e.response?.statusCode == 409) {
+        state = const ClosureRejectedByMitraData();
+      } else {
+        final code = e.response?.data?['error']?['code'];
+        if (code == 'SESSION_NOT_ACTIVE') {
+          // Server treats it as already closed — equivalent to success.
+          state = const ClosureCompleteData();
+          ref.invalidate(activeSessionProvider);
+        } else {
+          state = const ClosureErrorData('Gagal mengakhiri sesi.');
+        }
+      }
+    } catch (_) {
+      state = const ClosureErrorData('Gagal mengakhiri sesi.');
+    }
+  }
 }