Remote Access: improve back off behavior and error messages

[naltatis]

The tunnel client treated a rejected connection as a successful connect: it reset the backoff and reconnected about once a second, causing reconnect storms against the cloud proxy.

• A second evcc with the same credentials no longer reconnects every second; it waits and takes over once the first goes offline
• An expired sponsor token retries every 15 min with a clear log, instead of a tight loop
• A connection that drops instantly is no longer treated as healthy
• Only connect if valid sponsorship exists. Avoids api errors. Client only checked at setup time.

[sourcery-ai]

Hey - I've found 1 issue, and left some high level feedback:

• In the websocket.Dial error handling, for status codes other than 401/403/409 you drop back to websocket dial: %w without including the HTTP status; consider wrapping the error with the status code (or at least logging it) so operators can distinguish different failure modes more easily.
• The backoff behavior now depends on hard-coded configRetryInterval and minUptime values; consider making these configurable (or at least derived from a shared backoff policy) so they can be tuned without code changes if operational experience shows they’re too aggressive or too conservative.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- In the `websocket.Dial` error handling, for status codes other than 401/403/409 you drop back to `websocket dial: %w` without including the HTTP status; consider wrapping the error with the status code (or at least logging it) so operators can distinguish different failure modes more easily.
- The backoff behavior now depends on hard-coded `configRetryInterval` and `minUptime` values; consider making these configurable (or at least derived from a shared backoff policy) so they can be tuned without code changes if operational experience shows they’re too aggressive or too conservative.

## Individual Comments

### Comment 1
<location path="server/remote/tunnel.go" line_range="78-82" />
<code_context>
 			bo.Reset()
 		}

+		wait := bo.NextBackOff()
+		// rejected credentials will not self-heal; retry slowly
+		if errors.Is(err, errCredentialsRejected) {
+			wait = configRetryInterval
+		}
</code_context>
<issue_to_address>
**suggestion (bug_risk):** Avoid advancing the backoff state when overriding the wait duration for credential errors.

Because `NextBackOff()` is called before checking `errCredentialsRejected`, the internal backoff state advances even when its returned duration is discarded. This will cause later retries (after the error changes) to use a later point in the backoff sequence than intended. You can avoid this by only advancing the backoff when you use its value:

```go
var wait time.Duration
if errors.Is(err, errCredentialsRejected) {
	wait = configRetryInterval
} else {
	wait = bo.NextBackOff()
}
```

```suggestion
		var wait time.Duration
		// rejected credentials will not self-heal; retry slowly
		if errors.Is(err, errCredentialsRejected) {
			wait = configRetryInterval
		} else {
			wait = bo.NextBackOff()
		}
```
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}