fix(client): correctly handle MiAuth URLs with query string

What

Patches the MiAuth flow to correctly append session to URLs that already have a query string in them. A long-form explanation of the problem can be found in #8608 (closed).

Why

Closes #8608 (closed)

Additional Notes

Strictly speaking this could be considered a breaking API change since people (like myself) who added special misskey workarounds in their codebase for the previous broken behavior will not be able to use new MiAuth sessions after this update rolls out. Then again, given how long this has gone seemingly unnoticed, it might as well have no noticeable effect for most of the developers building on top of MiAuth. Hard to say really.

I'll leave deciding whether or not this deserves a changelog entry up to you.