Fix RDP WebSocket auth and tunnel UUID protocol

- RdpTab: remove token from base URL; pass via client.connect(data)
  because WebSocketTunnel always appends "?"+data to the URL,
  corrupting a pre-built ?token=JWT into ?token=JWT?<data>

- rdp.ts: send UUID as Guacamole internal instruction "0.,36.<uuid>;"
  (opcode="" = INTERNAL_DATA_OPCODE) instead of a plain string,
  matching the WebSocketTunnel 1.5.0+ protocol expectation

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/src/websocket/rdp.ts

@@ -166,10 +166,11 @@ export async function rdpWebsocket(fastify: FastifyInstance) {
           throw new Error(`guacd handshake failed: expected 'ready', got '${readyInstruction[0]}'`);
         }
 
-        // 5. Send the guacd connection UUID as the first WebSocket message.
-        //    Guacamole.WebSocketTunnel expects this as its tunnel-UUID handshake.
+        // 5. Send the tunnel UUID as a Guacamole internal instruction.
+        //    WebSocketTunnel (1.5.0+) expects opcode "" (empty string) with the
+        //    UUID as the single argument: "0.,36.<uuid>;"
         const guacdUUID = readyInstruction[1] ?? randomUUID();
-        socket.send(guacdUUID);
+        socket.send(buildInstruction('', guacdUUID));
 
         // 6. Flush any buffered bytes that arrived after 'ready'
         if (tcpBuf.value.length > 0 && socket.readyState === WebSocket.OPEN) {