refactor: code review fixes

Bug fixes:
- _extract_cursor: only extract Bottom cursors, preventing Top cursor
  from corrupting pagination state
- _api_request: merge _api_get/_api_post into unified method — POST
  now has rate-limit code 88 retry (was missing)
- fetch_user_likes: add override_base_variables=True

Code quality:
- Extract BEARER_TOKEN and USER_AGENT into constants.py (was duped
  in auth.py and client.py)
- Add user_profile_to_dict/users_to_json for proper UserProfile
  serialization (followers/following JSON output was ad-hoc)
- Refactor 6 CLI write commands via _write_action helper
- Extract _extract_media and _extract_author from _parse_tweet_result
- Update CLI module docstring with all 18 commands

twitter_cli/auth.py

@@ -17,15 +17,10 @@ import urllib.error
 import urllib.request
 from typing import Dict, Optional
 
+from .constants import BEARER_TOKEN, USER_AGENT
+
 logger = logging.getLogger(__name__)
 
-# Public bearer token (same as in client.py)
-_BEARER_TOKEN = (
-    "AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs"
-    "%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA"
-)
-
-
 def load_from_env() -> Optional[Dict[str, str]]:
     """Load cookies from environment variables."""
     auth_token = os.environ.get("TWITTER_AUTH_TOKEN", "")
@@ -49,16 +44,12 @@ def verify_cookies(auth_token, ct0):
     ]
 
     headers = {
-        "Authorization": "Bearer %s" % _BEARER_TOKEN,
+        "Authorization": "Bearer %s" % BEARER_TOKEN,
         "Cookie": "auth_token=%s; ct0=%s" % (auth_token, ct0),
         "X-Csrf-Token": ct0,
         "X-Twitter-Active-User": "yes",
         "X-Twitter-Auth-Type": "OAuth2Session",
-        "User-Agent": (
-            "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) "
-            "AppleWebKit/537.36 (KHTML, like Gecko) "
-            "Chrome/131.0.0.0 Safari/537.36"
-        ),
+        "User-Agent": USER_AGENT,
     }
 
     for url in urls: